Commit 0d674e4
feat: update L1 CloudFormation resource definitions (#35320)
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
**L1 CloudFormation resource definition changes:**
```
├[~] service aws-appintegrations
│ └ resources
│ └[~] resource AWS::AppIntegrations::Application
│ └ properties
│ └ IsService: (documentation changed)
├[~] service aws-aps
│ └ resources
│ ├[+] resource AWS::APS::ResourcePolicy
│ │ ├ name: ResourcePolicy
│ │ │ cloudFormationType: AWS::APS::ResourcePolicy
│ │ │ documentation: Use resource-based policies to grant permissions to other AWS accounts or services to access your workspace.
│ │ │ Only Prometheus-compatible APIs can be used for workspace sharing. You can add non-Prometheus-compatible APIs to the policy, but they will be ignored. For more information, see [Prometheus-compatible APIs](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-APIReference-Prometheus-Compatible-Apis.html) in the *Amazon Managed Service for Prometheus User Guide* .
│ │ │ If your workspace uses customer-managed AWS KMS keys for encryption, you must grant the principals in your resource-based policy access to those AWS KMS keys. You can do this by creating AWS KMS grants. For more information, see [CreateGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html) in the *AWS KMS API Reference* and [Encryption at rest](https://docs.aws.amazon.com/prometheus/latest/userguide/encryption-at-rest-Amazon-Service-Prometheus.html) in the *Amazon Managed Service for Prometheus User Guide* .
│ │ │ For more information about working with IAM , see [Using Amazon Managed Service for Prometheus with IAM](https://docs.aws.amazon.com/prometheus/latest/userguide/security_iam_service-with-iam.html) in the *Amazon Managed Service for Prometheus User Guide* .
│ │ └ properties
│ │ ├ WorkspaceArn: string (required, immutable)
│ │ └ PolicyDocument: string (required)
│ └[~] resource AWS::APS::Workspace
│ ├ properties
│ │ └ LoggingConfiguration: (documentation changed)
│ └ types
│ └[~] type LoggingFilter
│ └ properties
│ └ QspThreshold: (documentation changed)
├[~] service aws-b2bi
│ └ resources
│ └[~] resource AWS::B2BI::Transformer
│ └ types
│ ├[~] type OutputConversion
│ │ └ properties
│ │ └[+] AdvancedOptions: AdvancedOptions
│ ├[~] type X12AdvancedOptions
│ │ └ properties
│ │ └[+] ValidationOptions: X12ValidationOptions
│ ├[+] type X12CodeListValidationRule
│ │ ├ name: X12CodeListValidationRule
│ │ └ properties
│ │ ├ ElementId: string (required)
│ │ ├ CodesToAdd: Array<string>
│ │ └ CodesToRemove: Array<string>
│ ├[+] type X12ElementLengthValidationRule
│ │ ├ name: X12ElementLengthValidationRule
│ │ └ properties
│ │ ├ ElementId: string (required)
│ │ ├ MaxLength: number (required)
│ │ └ MinLength: number (required)
│ ├[+] type X12ElementRequirementValidationRule
│ │ ├ name: X12ElementRequirementValidationRule
│ │ └ properties
│ │ ├ ElementPosition: string (required)
│ │ └ Requirement: string (required)
│ ├[+] type X12ValidationOptions
│ │ ├ name: X12ValidationOptions
│ │ └ properties
│ │ └ ValidationRules: Array<X12ValidationRule>
│ └[+] type X12ValidationRule
│ ├ name: X12ValidationRule
│ └ properties
│ ├ CodeListValidationRule: X12CodeListValidationRule
│ ├ ElementLengthValidationRule: X12ElementLengthValidationRule
│ └ ElementRequirementValidationRule: X12ElementRequirementValidationRule
├[~] service aws-batch
│ └ resources
│ └[~] resource AWS::Batch::ComputeEnvironment
│ └ types
│ ├[~] type ComputeResources
│ │ └ properties
│ │ └ InstanceTypes: (documentation changed)
│ └[~] type LaunchTemplateSpecificationOverride
│ └ properties
│ └ TargetInstanceTypes: (documentation changed)
├[~] service aws-datazone
│ └ resources
│ └[+] resource AWS::DataZone::PolicyGrant
│ ├ name: PolicyGrant
│ │ cloudFormationType: AWS::DataZone::PolicyGrant
│ │ documentation: Policy Grant in AWS DataZone is an explicit authorization assignment that allows a specific principal (user, group, or project) to perform particular actions (such as creating glossary terms, managing projects, or accessing resources) on governed resources within a certain scope (like a Domain Unit or Project). Policy Grants are essentially the mechanism by which DataZone enforces fine-grained, role-based access control beyond what is possible through AWS IAM alone.
│ ├ properties
│ │ ├ EntityType: string (required, immutable)
│ │ ├ PolicyType: string (required, immutable)
│ │ ├ EntityIdentifier: string (required, immutable)
│ │ ├ Detail: PolicyGrantDetail (immutable)
│ │ ├ Principal: PolicyGrantPrincipal (immutable)
│ │ └ DomainIdentifier: string (required, immutable)
│ ├ attributes
│ │ ├ GrantId: string
│ │ ├ CreatedAt: string
│ │ └ CreatedBy: string
│ └ types
│ ├ type AddToProjectMemberPoolPolicyGrantDetail
│ │ ├ name: AddToProjectMemberPoolPolicyGrantDetail
│ │ └ properties
│ │ └ IncludeChildDomainUnits: boolean
│ ├ type CreateAssetTypePolicyGrantDetail
│ │ ├ name: CreateAssetTypePolicyGrantDetail
│ │ └ properties
│ │ └ IncludeChildDomainUnits: boolean
│ ├ type CreateDomainUnitPolicyGrantDetail
│ │ ├ name: CreateDomainUnitPolicyGrantDetail
│ │ └ properties
│ │ └ IncludeChildDomainUnits: boolean
│ ├ type CreateEnvironmentProfilePolicyGrantDetail
│ │ ├ name: CreateEnvironmentProfilePolicyGrantDetail
│ │ └ properties
│ │ └ DomainUnitId: string
│ ├ type CreateFormTypePolicyGrantDetail
│ │ ├ name: CreateFormTypePolicyGrantDetail
│ │ └ properties
│ │ └ IncludeChildDomainUnits: boolean
│ ├ type CreateGlossaryPolicyGrantDetail
│ │ ├ name: CreateGlossaryPolicyGrantDetail
│ │ └ properties
│ │ └ IncludeChildDomainUnits: boolean
│ ├ type CreateProjectFromProjectProfilePolicyGrantDetail
│ │ ├ name: CreateProjectFromProjectProfilePolicyGrantDetail
│ │ └ properties
│ │ ├ ProjectProfiles: Array<string>
│ │ └ IncludeChildDomainUnits: boolean
│ ├ type CreateProjectPolicyGrantDetail
│ │ ├ name: CreateProjectPolicyGrantDetail
│ │ └ properties
│ │ └ IncludeChildDomainUnits: boolean
│ ├ type DomainUnitFilterForProject
│ │ ├ name: DomainUnitFilterForProject
│ │ └ properties
│ │ ├ DomainUnit: string (required)
│ │ └ IncludeChildDomainUnits: boolean (default=false)
│ ├ type DomainUnitGrantFilter
│ │ ├ name: DomainUnitGrantFilter
│ │ └ properties
│ │ └ AllDomainUnitsGrantFilter: json (required)
│ ├ type DomainUnitPolicyGrantPrincipal
│ │ ├ name: DomainUnitPolicyGrantPrincipal
│ │ └ properties
│ │ ├ DomainUnitGrantFilter: DomainUnitGrantFilter
│ │ ├ DomainUnitDesignation: string
│ │ └ DomainUnitIdentifier: string
│ ├ type GroupPolicyGrantPrincipal
│ │ ├ name: GroupPolicyGrantPrincipal
│ │ └ properties
│ │ └ GroupIdentifier: string (required)
│ ├ type OverrideDomainUnitOwnersPolicyGrantDetail
│ │ ├ name: OverrideDomainUnitOwnersPolicyGrantDetail
│ │ └ properties
│ │ └ IncludeChildDomainUnits: boolean
│ ├ type OverrideProjectOwnersPolicyGrantDetail
│ │ ├ name: OverrideProjectOwnersPolicyGrantDetail
│ │ └ properties
│ │ └ IncludeChildDomainUnits: boolean
│ ├ type PolicyGrantDetail
│ │ ├ name: PolicyGrantDetail
│ │ └ properties
│ │ ├ CreateDomainUnit: CreateDomainUnitPolicyGrantDetail
│ │ ├ OverrideDomainUnitOwners: OverrideDomainUnitOwnersPolicyGrantDetail
│ │ ├ AddToProjectMemberPool: AddToProjectMemberPoolPolicyGrantDetail
│ │ ├ OverrideProjectOwners: OverrideProjectOwnersPolicyGrantDetail
│ │ ├ CreateGlossary: CreateGlossaryPolicyGrantDetail
│ │ ├ CreateFormType: CreateFormTypePolicyGrantDetail
│ │ ├ CreateAssetType: CreateAssetTypePolicyGrantDetail
│ │ ├ CreateProject: CreateProjectPolicyGrantDetail
│ │ ├ CreateEnvironmentProfile: CreateEnvironmentProfilePolicyGrantDetail
│ │ ├ DelegateCreateEnvironmentProfile: json
│ │ ├ CreateEnvironment: json
│ │ ├ CreateEnvironmentFromBlueprint: json
│ │ └ CreateProjectFromProjectProfile: CreateProjectFromProjectProfilePolicyGrantDetail
│ ├ type PolicyGrantPrincipal
│ │ ├ name: PolicyGrantPrincipal
│ │ └ properties
│ │ ├ User: UserPolicyGrantPrincipal
│ │ ├ Group: GroupPolicyGrantPrincipal
│ │ ├ Project: ProjectPolicyGrantPrincipal
│ │ └ DomainUnit: DomainUnitPolicyGrantPrincipal
│ ├ type ProjectGrantFilter
│ │ ├ name: ProjectGrantFilter
│ │ └ properties
│ │ └ DomainUnitFilter: DomainUnitFilterForProject (required)
│ ├ type ProjectPolicyGrantPrincipal
│ │ ├ name: ProjectPolicyGrantPrincipal
│ │ └ properties
│ │ ├ ProjectIdentifier: string
│ │ ├ ProjectDesignation: string
│ │ └ ProjectGrantFilter: ProjectGrantFilter
│ └ type UserPolicyGrantPrincipal
│ ├ name: UserPolicyGrantPrincipal
│ └ properties
│ ├ UserIdentifier: string
│ └ AllUsersGrantFilter: json
├[~] service aws-deadline
│ └ resources
│ ├[~] resource AWS::Deadline::Fleet
│ │ └ attributes
│ │ └ StatusMessage: (documentation changed)
│ └[~] resource AWS::Deadline::LicenseEndpoint
│ └ properties
│ └ VpcId: (documentation changed)
├[~] service aws-dynamodb
│ └ resources
│ ├[~] resource AWS::DynamoDB::GlobalTable
│ │ └ types
│ │ └[~] type ContributorInsightsSpecification
│ │ └ properties
│ │ └ Mode: (documentation changed)
│ └[~] resource AWS::DynamoDB::Table
│ ├ properties
│ │ ├ ContributorInsightsSpecification: (documentation changed)
│ │ └ StreamSpecification: (documentation changed)
│ └ types
│ ├[~] type ContributorInsightsSpecification
│ │ ├ - documentation: The settings used to enable or disable CloudWatch Contributor Insights.
│ │ │ + documentation: Configures contributor insights settings for a table or one of its indexes.
│ │ └ properties
│ │ └ Mode: (documentation changed)
│ ├[~] type GlobalSecondaryIndex
│ │ └ properties
│ │ └ ContributorInsightsSpecification: (documentation changed)
│ └[~] type StreamSpecification
│ └ properties
│ └ ResourcePolicy: (documentation changed)
├[~] service aws-ec2
│ └ resources
│ ├[~] resource AWS::EC2::IpPoolRouteTableAssociation
│ │ ├ - documentation: Resource Type definition for AWS::EC2::IpPoolRouteTableAssociation
│ │ │ + documentation: A route server association is the connection established between a route server and a VPC.
│ │ ├ properties
│ │ │ ├ PublicIpv4Pool: (documentation changed)
│ │ │ └ RouteTableId: (documentation changed)
│ │ └ attributes
│ │ └ AssociationId: (documentation changed)
│ └[~] resource AWS::EC2::VPNConnection
│ └ properties
│ └[+] PreSharedKeyStorage: string (immutable)
├[~] service aws-ecs
│ └ resources
│ └[~] resource AWS::ECS::Service
│ └ properties
│ └ AvailabilityZoneRebalancing: - string (default="ENABLED")
│ + string (default="DISABLED")
├[~] service aws-eks
│ └ resources
│ └[~] resource AWS::EKS::Addon
│ ├ properties
│ │ └[+] NamespaceConfig: NamespaceConfig (immutable)
│ └ types
│ └[+] type NamespaceConfig
│ ├ documentation: The custom namespace configuration to use with the add-on
│ │ name: NamespaceConfig
│ └ properties
│ └ Namespace: string (required)
├[~] service aws-entityresolution
│ └ resources
│ └[~] resource AWS::EntityResolution::IdMappingWorkflow
│ ├ properties
│ │ └[+] IdMappingIncrementalRunConfig: IdMappingIncrementalRunConfig
│ └ types
│ └[+] type IdMappingIncrementalRunConfig
│ ├ name: IdMappingIncrementalRunConfig
│ └ properties
│ └ IncrementalRunType: string (required)
├[~] service aws-events
│ └ resources
│ └[~] resource AWS::Events::Rule
│ ├ - tagInformation: undefined
│ │ + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│ └ properties
│ └[+] Tags: Array<tag>
├[~] service aws-fsx
│ └ resources
│ └[~] resource AWS::FSx::FileSystem
│ ├ properties
│ │ └[+] NetworkType: string
│ └ types
│ └[~] type OpenZFSConfiguration
│ └ properties
│ └[+] EndpointIpv6AddressRange: string
├[~] service aws-glue
│ └ resources
│ ├[~] resource AWS::Glue::Connection
│ │ └ types
│ │ └[~] type ConnectionInput
│ │ └ properties
│ │ └ ConnectionType: (documentation changed)
│ └[~] resource AWS::Glue::TableOptimizer
│ └ types
│ ├[+] type IcebergRetentionConfiguration
│ │ ├ name: IcebergRetentionConfiguration
│ │ └ properties
│ │ ├ SnapshotRetentionPeriodInDays: integer
│ │ ├ NumberOfSnapshotsToRetain: integer
│ │ └ CleanExpiredFiles: boolean
│ └[~] type RetentionConfiguration
│ └ properties
│ └ IcebergConfiguration: - IcebergConfiguration
│ + IcebergConfiguration ⇐ IcebergRetentionConfiguration
├[~] service aws-guardduty
│ └ resources
│ ├[~] resource AWS::GuardDuty::IPSet
│ │ ├ - documentation: The `AWS::GuardDuty::IPSet` resource specifies a new `IPSet` . An `IPSet` is a list of trusted IP addresses from which secure communication is allowed with AWS infrastructure and applications.
│ │ │ + documentation: The `AWS::GuardDuty::IPSet` resource helps you create a list of trusted IP addresses that you can use for secure communication with AWS infrastructure and applications. Once you activate this list, GuardDuty will not generate findings when there is an activity associated with these safe IP addresses.
│ │ │ Only the users of the GuardDuty administrator account can manage this list. These settings are also applied to the member accounts.
│ │ └ properties
│ │ ├ Activate: (documentation changed)
│ │ ├ Format: (documentation changed)
│ │ ├ Name: (documentation changed)
│ │ └ Tags: (documentation changed)
│ ├[~] resource AWS::GuardDuty::ThreatEntitySet
│ │ ├ - documentation: Resource Type definition for AWS::GuardDuty::ThreatEntitySet
│ │ │ + documentation: The `AWS::GuardDuty::ThreatEntitySet` resource helps you create a list of known malicious IP addresses and domain names in your AWS environment. Once you activate this list, GuardDuty will use the entries in this list as an additional source of threat detection and generate findings when there is an activity associated with these known malicious IP addresses and domain names. GuardDuty continues to monitor independently of this custom threat entity set.
│ │ │ Only the users of the GuardDuty administrator account can manage this list. These settings automatically apply to the member accounts.
│ │ ├ properties
│ │ │ ├ Activate: (documentation changed)
│ │ │ ├ DetectorId: (documentation changed)
│ │ │ ├ ExpectedBucketOwner: (documentation changed)
│ │ │ ├ Format: (documentation changed)
│ │ │ ├ Location: (documentation changed)
│ │ │ ├ Name: (documentation changed)
│ │ │ └ Tags: (documentation changed)
│ │ ├ attributes
│ │ │ ├ CreatedAt: (documentation changed)
│ │ │ ├ ErrorDetails: (documentation changed)
│ │ │ ├ Id: (documentation changed)
│ │ │ ├ Status: (documentation changed)
│ │ │ └ UpdatedAt: (documentation changed)
│ │ └ types
│ │ └[~] type TagItem
│ │ ├ - documentation: undefined
│ │ │ + documentation: Describes a tag. For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .
│ │ └ properties
│ │ ├ Key: (documentation changed)
│ │ └ Value: (documentation changed)
│ ├[~] resource AWS::GuardDuty::ThreatIntelSet
│ │ ├ - documentation: The `AWS::GuardDuty::ThreatIntelSet` resource specifies a new `ThreatIntelSet` . A `ThreatIntelSet` consists of known malicious IP addresses. GuardDuty generates findings based on the `ThreatIntelSet` after it is activated.
│ │ │ + documentation: The `AWS::GuardDuty::ThreatIntelSet` resource helps you create a list of known malicious IP addresses in your AWS environment. Once you activate this list, GuardDuty will use list the entries in this list as an additional source for threat detection and generate findings when there is an activity associated with these known malicious IP addresses. GuardDuty continues to monitor independently of this custom threat intelligence set.
│ │ │ Only the users of the GuardDuty administrator account can manage this list. These settings automatically apply to the member accounts.
│ │ └ properties
│ │ ├ Activate: (documentation changed)
│ │ ├ DetectorId: (documentation changed)
│ │ ├ Format: (documentation changed)
│ │ ├ Name: (documentation changed)
│ │ └ Tags: (documentation changed)
│ └[~] resource AWS::GuardDuty::TrustedEntitySet
│ ├ - documentation: Resource Type definition for AWS::GuardDuty::TrustedEntitySet
│ │ + documentation: The `AWS::GuardDuty::TrustedEntitySet` resource helps you create a list of IP addresses and domain names that you can use for secure communication with your AWS infrastructure and applications. Once you activate this list, GuardDuty will not generate findings when there is an activity associated with these safe IP addresses and domain names. At any given time, you can have only one trusted entity set.
│ │ Only the users of the GuardDuty administrator account can manage the entity sets. These settings automatically apply member accounts.
│ ├ properties
│ │ ├ Activate: (documentation changed)
│ │ ├ DetectorId: (documentation changed)
│ │ ├ ExpectedBucketOwner: (documentation changed)
│ │ ├ Format: (documentation changed)
│ │ ├ Location: (documentation changed)
│ │ ├ Name: (documentation changed)
│ │ └ Tags: (documentation changed)
│ ├ attributes
│ │ ├ CreatedAt: (documentation changed)
│ │ ├ ErrorDetails: (documentation changed)
│ │ ├ Status: (documentation changed)
│ │ └ UpdatedAt: (documentation changed)
│ └ types
│ └[~] type TagItem
│ ├ - documentation: undefined
│ │ + documentation: Describes a tag. For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .
│ └ properties
│ ├ Key: (documentation changed)
│ └ Value: (documentation changed)
├[~] service aws-inspectorv2
│ └ resources
│ ├[~] resource AWS::InspectorV2::CodeSecurityIntegration
│ │ ├ - documentation: Inspector CodeSecurityIntegration resource schema
│ │ │ + documentation: Creates a code security integration with a source code repository provider.
│ │ ├ properties
│ │ │ ├ CreateIntegrationDetails: (documentation changed)
│ │ │ ├ Name: (documentation changed)
│ │ │ ├ Tags: (documentation changed)
│ │ │ ├ Type: (documentation changed)
│ │ │ └ UpdateIntegrationDetails: (documentation changed)
│ │ ├ attributes
│ │ │ ├ Arn: (documentation changed)
│ │ │ ├ AuthorizationUrl: (documentation changed)
│ │ │ ├ CreatedAt: (documentation changed)
│ │ │ ├ LastUpdatedAt: (documentation changed)
│ │ │ ├ Status: (documentation changed)
│ │ │ └ StatusReason: (documentation changed)
│ │ └ types
│ │ ├[~] type CreateDetails
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: Contains details required to create a code security integration with a specific repository provider.
│ │ │ └ properties
│ │ │ └ gitlabSelfManaged: (documentation changed)
│ │ ├[~] type CreateGitLabSelfManagedIntegrationDetail
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: Contains details required to create an integration with a self-managed GitLab instance.
│ │ │ └ properties
│ │ │ ├ accessToken: (documentation changed)
│ │ │ └ instanceUrl: (documentation changed)
│ │ ├[~] type UpdateDetails
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: Contains details required to update a code security integration with a specific repository provider.
│ │ │ └ properties
│ │ │ ├ github: (documentation changed)
│ │ │ └ gitlabSelfManaged: (documentation changed)
│ │ ├[~] type UpdateGitHubIntegrationDetail
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: Contains details required to update an integration with GitHub.
│ │ │ └ properties
│ │ │ ├ code: (documentation changed)
│ │ │ └ installationId: (documentation changed)
│ │ └[~] type UpdateGitLabSelfManagedIntegrationDetail
│ │ ├ - documentation: undefined
│ │ │ + documentation: Contains details required to update an integration with a self-managed GitLab instance.
│ │ └ properties
│ │ └ authCode: (documentation changed)
│ └[~] resource AWS::InspectorV2::CodeSecurityScanConfiguration
│ ├ - documentation: Inspector CodeSecurityScanConfiguration resource schema
│ │ + documentation: Creates a scan configuration for code security scanning.
│ ├ properties
│ │ ├ Configuration: (documentation changed)
│ │ ├ Level: (documentation changed)
│ │ ├ Name: (documentation changed)
│ │ ├ ScopeSettings: (documentation changed)
│ │ └ Tags: (documentation changed)
│ ├ attributes
│ │ └ Arn: (documentation changed)
│ └ types
│ ├[~] type CodeSecurityScanConfiguration
│ │ ├ - documentation: undefined
│ │ │ + documentation: Contains the configuration settings for code security scans.
│ │ └ properties
│ │ ├ continuousIntegrationScanConfiguration: (documentation changed)
│ │ ├ periodicScanConfiguration: (documentation changed)
│ │ └ ruleSetCategories: (documentation changed)
│ ├[~] type ContinuousIntegrationScanConfiguration
│ │ ├ - documentation: undefined
│ │ │ + documentation: Configuration settings for continuous integration scans that run automatically when code changes are made.
│ │ └ properties
│ │ └ supportedEvents: (documentation changed)
│ ├[~] type PeriodicScanConfiguration
│ │ ├ - documentation: undefined
│ │ │ + documentation: Configuration settings for periodic scans that run on a scheduled basis.
│ │ └ properties
│ │ ├ frequency: (documentation changed)
│ │ └ frequencyExpression: (documentation changed)
│ └[~] type ScopeSettings
│ ├ - documentation: undefined
│ │ + documentation: The scope settings that define which repositories will be scanned. If the `ScopeSetting` parameter is `ALL` the scan configuration applies to all existing and future projects imported into Amazon Inspector .
│ └ properties
│ └ projectSelectionScope: (documentation changed)
├[~] service aws-kinesisanalyticsv2
│ └ resources
│ └[~] resource AWS::KinesisAnalyticsV2::Application
│ └ types
│ ├[~] type ApplicationConfiguration
│ │ └ properties
│ │ └[+] ApplicationEncryptionConfiguration: ApplicationEncryptionConfiguration
│ └[+] type ApplicationEncryptionConfiguration
│ ├ documentation: Describes whether customer managed key is enabled and key details for customer data encryption
│ │ name: ApplicationEncryptionConfiguration
│ └ properties
│ ├ KeyId: string
│ └ KeyType: string (required)
├[~] service aws-logs
│ └ resources
│ ├[~] resource AWS::Logs::DeliveryDestination
│ │ └ types
│ │ └[~] type DestinationPolicy
│ │ ├ - documentation: undefined
│ │ │ + documentation: An IAM policy that grants permissions to CloudWatch Logs to deliver logs cross-account to a specified destination in this account.
│ │ └ properties
│ │ ├ DeliveryDestinationName: (documentation changed)
│ │ └ DeliveryDestinationPolicy: (documentation changed)
│ └[~] resource AWS::Logs::LogGroup
│ └ properties
│ ├ DataProtectionPolicy: (documentation changed)
│ ├ ResourcePolicyDocument: (documentation changed)
│ └ RetentionInDays: (documentation changed)
├[~] service aws-mediapackagev2
│ └ resources
│ └[~] resource AWS::MediaPackageV2::Channel
│ └ types
│ └[~] type InputSwitchConfiguration
│ └ properties
│ └ MQCSInputSwitching: (documentation changed)
├[~] service aws-networkfirewall
│ └ resources
│ └[~] resource AWS::NetworkFirewall::TLSInspectionConfiguration
│ └ types
│ ├[~] type CheckCertificateRevocationStatus
│ │ └ - documentation: When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a `CertificateAuthorityArn` in [ServerCertificateConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-servercertificateconfiguration.html) .
│ │ + documentation: When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a `CertificateAuthorityArn` in [ServerCertificateConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-networkfirewall-servercertificateconfiguration.html) .
│ ├[~] type ServerCertificate
│ │ └ - documentation: Any AWS Certificate Manager (ACM) Secure Sockets Layer/Transport Layer Security (SSL/TLS) server certificate that's associated with a [ServerCertificateConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration.html) . Used in a [TLSInspectionConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-tlsinspectionconfiguration.html) for inspection of inbound traffic to your firewall. You must request or import a SSL/TLS certificate into ACM for each domain Network Firewall needs to decrypt and inspect. AWS Network Firewall uses the SSL/TLS certificates to decrypt specified inbound SSL/TLS traffic going to your firewall. For information about working with certificates in AWS Certificate Manager , see [Request a public certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) or [Importing certificates](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *AWS Certificate Manager User Guide* .
│ │ + documentation: Any AWS Certificate Manager (ACM) Secure Sockets Layer/Transport Layer Security (SSL/TLS) server certificate that's associated with a [ServerCertificateConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration.html) . Used in a [TLSInspectionConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-networkfirewall-tlsinspectionconfiguration.html) for inspection of inbound traffic to your firewall. You must request or import a SSL/TLS certificate into ACM for each domain Network Firewall needs to decrypt and inspect. AWS Network Firewall uses the SSL/TLS certificates to decrypt specified inbound SSL/TLS traffic going to your firewall. For information about working with certificates in AWS Certificate Manager , see [Request a public certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) or [Importing certificates](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *AWS Certificate Manager User Guide* .
│ └[~] type ServerCertificateConfiguration
│ ├ - documentation: Configures the AWS Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a [TLSInspectionConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-tlsinspectionconfiguration.html) . You can configure `ServerCertificates` for inbound SSL/TLS inspection, a `CertificateAuthorityArn` for outbound SSL/TLS inspection, or both. For information about working with certificates for TLS inspection, see [Using SSL/TLS server certficiates with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html) in the *AWS Network Firewall Developer Guide* .
│ │ > If a server certificate that's associated with your [TLSInspectionConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-tlsinspectionconfiguration.html) is revoked, deleted, or expired it can result in client-side TLS errors.
│ │ + documentation: Configures the AWS Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a [TLSInspectionConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-networkfirewall-tlsinspectionconfiguration.html) . You can configure `ServerCertificates` for inbound SSL/TLS inspection, a `CertificateAuthorityArn` for outbound SSL/TLS inspection, or both. For information about working with certificates for TLS inspection, see [Using SSL/TLS server certficiates with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html) in the *AWS Network Firewall Developer Guide* .
│ │ > If a server certificate that's associated with your [TLSInspectionConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-networkfirewall-tlsinspectionconfiguration.html) is revoked, deleted, or expired it can result in client-side TLS errors.
│ └ properties
│ └ CheckCertificateRevocationStatus: (documentation changed)
├[~] service aws-route53
│ └ resources
│ └[~] resource AWS::Route53::HealthCheck
│ └ - tagInformation: undefined
│ + tagInformation: {"tagPropertyName":"HealthCheckTags","variant":"standard"}
├[~] service aws-s3
│ └ resources
│ ├[~] resource AWS::S3::Bucket
│ │ └ properties
│ │ └ ObjectLockConfiguration: (documentation changed)
│ └[~] resource AWS::S3::BucketPolicy
│ └ - documentation: Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the AWS account that owns the bucket, the calling identity must have the `PutBucketPolicy` permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.
│ If you don't have `PutBucketPolicy` permissions, Amazon S3 returns a `403 Access Denied` error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a `405 Method Not Allowed` error.
│ > As a security precaution, the root user of the AWS account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.
│ When using the `AWS::S3::BucketPolicy` resource, you can create, update, and delete bucket policies for S3 buckets located in regions different from the stack's region. This cross-region bucket policy modification functionality is supported for backward compatibility with existing workflows.
│ > If the [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) is not specified or set to `Delete` , the bucket policy will be removed when the stack is deleted. If set to `Retain` , the bucket policy will be preserved even after the stack is deleted.
│ For example, a CloudFormation stack in `us-east-1` can use the `AWS::S3::BucketPolicy` resource to manage the bucket policy for an S3 bucket in `us-west-2` . The retention or removal of the bucket policy during the stack deletion is determined by the `DeletionPolicy` attribute specified in the stack template.
│ For more information, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) .
│ The following operations are related to `PutBucketPolicy` :
│ - [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
│ - [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
│ + documentation: Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the AWS account that owns the bucket, the calling identity must have the `PutBucketPolicy` permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.
│ If you don't have `PutBucketPolicy` permissions, Amazon S3 returns a `403 Access Denied` error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a `405 Method Not Allowed` error.
│ > As a security precaution, the root user of the AWS account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.
│ When using the `AWS::S3::BucketPolicy` resource, you can create, update, and delete bucket policies for S3 buckets located in Regions that are different from the stack's Region. However, the CloudFormation stacks should be deployed in the US East (N. Virginia) or `us-east-1` Region. This cross-region bucket policy modification functionality is supported for backward compatibility with existing workflows.
│ > If the [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) is not specified or set to `Delete` , the bucket policy will be removed when the stack is deleted. If set to `Retain` , the bucket policy will be preserved even after the stack is deleted.
│ For example, a CloudFormation stack in `us-east-1` can use the `AWS::S3::BucketPolicy` resource to manage the bucket policy for an S3 bucket in `us-west-2` . The retention or removal of the bucket policy during the stack deletion is determined by the `DeletionPolicy` attribute specified in the stack template.
│ For more information, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) .
│ The following operations are related to `PutBucketPolicy` :
│ - [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
│ - [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
├[~] service aws-sagemaker
│ └ resources
│ └[~] resource AWS::SageMaker::Cluster
│ └ types
│ ├[+] type AlarmDetails
│ │ ├ documentation: The details of the alarm to monitor during the AMI update.
│ │ │ name: AlarmDetails
│ │ └ properties
│ │ └ AlarmName: string (required)
│ ├[+] type CapacitySizeConfig
│ │ ├ documentation: The configuration of the size measurements of the AMI update. Using this configuration, you can specify whether SageMaker should update your instance group by an amount or percentage of instances.
│ │ │ name: CapacitySizeConfig
│ │ └ properties
│ │ ├ Type: string (required)
│ │ └ Value: integer (required)
│ ├[~] type ClusterInstanceGroup
│ │ └ properties
│ │ └[+] ScheduledUpdateConfig: ScheduledUpdateConfig
│ ├[+] type DeploymentConfig
│ │ ├ documentation: The deployment configuration for an endpoint, which contains the desired deployment strategy and rollback configurations.
│ │ │ name: DeploymentConfig
│ │ └ properties
│ │ ├ AutoRollbackConfiguration: Array<AlarmDetails>
│ │ ├ RollingUpdatePolicy: RollingUpdatePolicy
│ │ └ WaitIntervalInSeconds: integer
│ ├[+] type RollingUpdatePolicy
│ │ ├ documentation: Specifies a rolling deployment strategy for updating a SageMaker endpoint.
│ │ │ name: RollingUpdatePolicy
│ │ └ properties
│ │ ├ MaximumBatchSize: CapacitySizeConfig (required)
│ │ └ RollbackMaximumBatchSize: CapacitySizeConfig
│ └[+] type ScheduledUpdateConfig
│ ├ documentation: The configuration object of the schedule that SageMaker follows when updating the AMI.
│ │ name: ScheduledUpdateConfig
│ └ properties
│ ├ ScheduleExpression: string (required)
│ └ DeploymentConfig: DeploymentConfig
├[~] service aws-servicediscovery
│ └ resources
│ ├[~] resource AWS::ServiceDiscovery::HttpNamespace
│ │ └ - documentation: The `HttpNamespace` resource is an AWS Cloud Map resource type that contains information about an HTTP namespace. Service instances that you register using an HTTP namespace can be discovered using a `DiscoverInstances` request but can't be discovered using DNS.
│ │ For the current quota on the number of namespaces that you can create using the same AWS account, see [AWS Cloud Map quotas](https://docs.aws.amazon.com/cloud-map/latest/dg/cloud-map-limits.html) in the ** .
│ │ + documentation: Creates an HTTP namespace. Service instances registered using an HTTP namespace can be discovered using a `DiscoverInstances` request but can't be discovered using DNS.
│ │ For the current quota on the number of namespaces that you can create using the same AWS account , see [AWS Cloud Map quotas](https://docs.aws.amazon.com/cloud-map/latest/dg/cloud-map-limits.html) in the *AWS Cloud Map Developer Guide* .
│ ├[~] resource AWS::ServiceDiscovery::Instance
│ │ └ properties
│ │ └ ServiceId: (documentation changed)
│ └[~] resource AWS::ServiceDiscovery::Service
│ ├ - documentation: A complex type that contains information about a service, which defines the configuration of the following entities:
│ │ - For public and private DNS namespaces, one of the following combinations of DNS records in Amazon Route 53:
│ │ - A
│ │ - AAAA
│ │ - A and AAAA
│ │ - SRV
│ │ - CNAME
│ │ - Optionally, a health check
│ │ + documentation: A complex type that contains information about the specified service.
│ ├ properties
│ │ ├ NamespaceId: (documentation changed)
│ │ └ ServiceAttributes: (documentation changed)
│ └ types
│ └[~] type DnsConfig
│ └ properties
│ └ NamespaceId: (documentation changed)
├[~] service aws-ssm
│ └ resources
│ └[~] resource AWS::SSM::PatchBaseline
│ └ properties
│ └ RejectedPatchesAction: (documentation changed)
├[~] service aws-ssmquicksetup
│ └ resources
│ └[~] resource AWS::SSMQuickSetup::ConfigurationManager
│ └ types
│ └[~] type ConfigurationDefinition
│ └ properties
│ └ Parameters: (documentation changed)
├[~] service aws-synthetics
│ └ resources
│ └[~] resource AWS::Synthetics::Canary
│ └ types
│ └[~] type Dependency
│ ├ - documentation: undefined
│ │ + documentation: A structure that contains information about a dependency for a canary.
│ └ properties
│ ├ Reference: (documentation changed)
│ └ Type: (documentation changed)
├[~] service aws-vpclattice
│ └ resources
│ └[~] resource AWS::VpcLattice::ResourceGateway
│ └ properties
│ └[+] Ipv4AddressesPerEni: integer
└[~] service aws-workspacesweb
└ resources
├[~] resource AWS::WorkSpacesWeb::Portal
│ └ properties
│ └ SessionLoggerArn: (documentation changed)
└[~] resource AWS::WorkSpacesWeb::SessionLogger
├ - documentation: Definition of AWS::WorkSpacesWeb::SessionLogger Resource Type
│ + documentation: The session logger resource.
├ properties
│ ├ AdditionalEncryptionContext: (documentation changed)
│ ├ CustomerManagedKey: (documentation changed)
│ ├ DisplayName: (documentation changed)
│ ├ EventFilter: (documentation changed)
│ └ LogConfiguration: (documentation changed)
├ attributes
│ ├ AssociatedPortalArns: (documentation changed)
│ ├ CreationDate: (documentation changed)
│ └ SessionLoggerArn: (documentation changed)
└ types
├[~] type EventFilter
│ ├ - documentation: undefined
│ │ + documentation: The filter that specifies the events to monitor.
│ └ properties
│ ├ All: (documentation changed)
│ └ Include: (documentation changed)
├[~] type LogConfiguration
│ ├ - documentation: undefined
│ │ + documentation: The configuration of the log.
│ └ properties
│ └ S3: (documentation changed)
└[~] type S3LogConfiguration
├ - documentation: undefined
│ + documentation: The S3 log configuration.
└ properties
├ Bucket: (documentation changed)
├ BucketOwner: (documentation changed)
├ FolderStructure: (documentation changed)
├ KeyPrefix: (documentation changed)
└ LogFileFormat: (documentation changed)
```
CHANGES TO L1 RESOURCES: L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:
- **aws-ecs**: AWS::ECS::Service: AvailabilityZoneRebalancing property default value changed from "ENABLED" to "DISABLED".

1 parent 460a9d8 commit 0d674e4
3 files changed: +18 -25 lines changed
packages/aws-cdk-lib/package.json
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
136 | 136 | | |
137 | 137 | | |
138 | 138 | | |
139 | | - | |
| 139 | + | |
140 | 140 | | |
141 | 141 | | |
142 | 142 | | |
| |||
tools/@aws-cdk/spec2cdk/package.json
Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
32 | 32 | | |
33 | 33 | | |
34 | 34 | | |
35 | | - | |
36 | | - | |
37 | | - | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
38 | 38 | | |
39 | 39 | | |
40 | 40 | | |
| |||
Lines changed: 14 additions & 21 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
66 | 66 | | |
67 | 67 | | |
68 | 68 | | |
69 | | - | |
70 | | - | |
71 | | - | |
72 | | - | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
| 72 | + | |
73 | 73 | | |
74 | | - | |
| 74 | + | |
75 | 75 | | |
76 | 76 | | |
77 | 77 | | |
| |||
122 | 122 | | |
123 | 123 | | |
124 | 124 | | |
125 | | - | |
126 | | - | |
127 | | - | |
128 | | - | |
| 125 | + | |
| 126 | + | |
| 127 | + | |
| 128 | + | |
129 | 129 | | |
130 | | - | |
| 130 | + | |
131 | 131 | | |
132 | 132 | | |
133 | 133 | | |
| |||
138 | 138 | | |
139 | 139 | | |
140 | 140 | | |
141 | | - | |
142 | | - | |
143 | | - | |
144 | | - | |
145 | | - | |
146 | | - | |
147 | | - | |
148 | 141 | | |
149 | 142 | | |
150 | 143 | | |
151 | 144 | | |
152 | 145 | | |
153 | 146 | | |
154 | 147 | | |
155 | | - | |
156 | | - | |
157 | | - | |
158 | | - | |
| 148 | + | |
| 149 | + | |
| 150 | + | |
| 151 | + | |
159 | 152 | | |
160 | 153 | | |
161 | 154 | | |
| |||