Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: update L1 CloudFormation resource definitions (#31640)
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
**L1 CloudFormation resource definition changes:**
```
├[~] service aws-amazonmq
│ └ resources
│ └[~] resource AWS::AmazonMQ::Configuration
│ └ attributes
│ └ Revision: - integer
│ + string ⇐ integer
├[~] service aws-apigatewayv2
│ └ resources
│ └[~] resource AWS::ApiGatewayV2::Integration
│ ├ attributes
│ │ └[-] Id: string
│ └ types
│ └[~] type ResponseParameter
│ ├ - documentation: response parameter
│ │ + documentation: Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match the pattern `<action>:<header>.<location>` or `overwrite.statuscode` . The action can be `append` , `overwrite` or `remove` . The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see [Transforming API requests and responses](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html) .
│ └ properties
│ ├ Destination: (documentation changed)
│ └ Source: (documentation changed)
├[~] service aws-autoscaling
│ └ resources
│ └[~] resource AWS::AutoScaling::ScalingPolicy
│ └ types
│ ├[~] type TargetTrackingMetricDataQuery
│ │ └ - documentation: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp.
│ │ You can use `TargetTrackingMetricDataQuery` structures with a `PutScalingPolicy` operation when you specify a `TargetTrackingConfiguration` in the request.
│ │ You can call for a single metric or perform math expressions on multiple metrics. Any expressions used in a metric specification must eventually return a single time series.
│ │ For more information, see the [Create a target tracking scaling policy for Amazon EC2 Auto Scaling using metric math](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-target-tracking-metric-math.html) in the *Amazon EC2 Auto Scaling User Guide* .
│ │ + documentation: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp.
│ │ You can use `TargetTrackingMetricDataQuery` structures with a [PutScalingPolicy](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PutScalingPolicy.html) operation when you specify a [TargetTrackingConfiguration](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_TargetTrackingConfiguration.html) in the request.
│ │ You can call for a single metric or perform math expressions on multiple metrics. Any expressions used in a metric specification must eventually return a single time series.
│ │ For more information, see the [Create a target tracking scaling policy for Amazon EC2 Auto Scaling using metric math](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-target-tracking-metric-math.html) in the *Amazon EC2 Auto Scaling User Guide* .
│ └[~] type TargetTrackingMetricStat
│ └ - documentation: This structure defines the CloudWatch metric to return, along with the statistic and unit.
│ `TargetTrackingMetricStat` is a property of the `TargetTrackingMetricDataQuery` object.
│ For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* .
│ + documentation: This structure defines the CloudWatch metric to return, along with the statistic and unit.
│ `TargetTrackingMetricStat` is a property of the [TargetTrackingMetricDataQuery](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_TargetTrackingMetricDataQuery.html) object.
│ For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* .
├[~] service aws-b2bi
│ └ resources
│ ├[~] resource AWS::B2BI::Capability
│ │ └ types
│ │ └[~] type EdiConfiguration
│ │ └ properties
│ │ └[+] CapabilityDirection: string
│ ├[~] resource AWS::B2BI::Partnership
│ │ ├ properties
│ │ │ ├ Capabilities: - Array<string>
│ │ │ │ + Array<string> (required)
│ │ │ └[+] CapabilityOptions: CapabilityOptions
│ │ └ types
│ │ ├[+] type CapabilityOptions
│ │ │ ├ name: CapabilityOptions
│ │ │ └ properties
│ │ │ └OutboundEdi: OutboundEdiOptions
│ │ ├[+] type OutboundEdiOptions
│ │ │ ├ name: OutboundEdiOptions
│ │ │ └ properties
│ │ │ └X12: X12Envelope (required)
│ │ ├[+] type X12Delimiters
│ │ │ ├ name: X12Delimiters
│ │ │ └ properties
│ │ │ ├ComponentSeparator: string
│ │ │ ├DataElementSeparator: string
│ │ │ └SegmentTerminator: string
│ │ ├[+] type X12Envelope
│ │ │ ├ name: X12Envelope
│ │ │ └ properties
│ │ │ └Common: X12OutboundEdiHeaders
│ │ ├[+] type X12FunctionalGroupHeaders
│ │ │ ├ name: X12FunctionalGroupHeaders
│ │ │ └ properties
│ │ │ ├ApplicationSenderCode: string
│ │ │ ├ApplicationReceiverCode: string
│ │ │ └ResponsibleAgencyCode: string
│ │ ├[+] type X12InterchangeControlHeaders
│ │ │ ├ name: X12InterchangeControlHeaders
│ │ │ └ properties
│ │ │ ├SenderIdQualifier: string
│ │ │ ├SenderId: string
│ │ │ ├ReceiverIdQualifier: string
│ │ │ ├ReceiverId: string
│ │ │ ├RepetitionSeparator: string
│ │ │ ├AcknowledgmentRequestedCode: string
│ │ │ └UsageIndicatorCode: string
│ │ └[+] type X12OutboundEdiHeaders
│ │ ├ name: X12OutboundEdiHeaders
│ │ └ properties
│ │ ├InterchangeControlHeaders: X12InterchangeControlHeaders
│ │ ├FunctionalGroupHeaders: X12FunctionalGroupHeaders
│ │ ├Delimiters: X12Delimiters
│ │ └ValidateEdi: boolean
│ └[~] resource AWS::B2BI::Transformer
│ ├ properties
│ │ ├ EdiType: - EdiType (required)
│ │ │ + EdiType (deprecated=WARN)
│ │ ├ FileFormat: - string (required)
│ │ │ + string (deprecated=WARN)
│ │ ├[+] InputConversion: InputConversion
│ │ ├[+] Mapping: Mapping
│ │ ├ MappingTemplate: - string (required)
│ │ │ + string (deprecated=WARN)
│ │ ├[+] OutputConversion: OutputConversion
│ │ ├ SampleDocument: - string
│ │ │ + string (deprecated=WARN)
│ │ └[+] SampleDocuments: SampleDocuments
│ └ types
│ ├[+] type FormatOptions
│ │ ├ name: FormatOptions
│ │ └ properties
│ │ └X12: X12Details (required)
│ ├[+] type InputConversion
│ │ ├ name: InputConversion
│ │ └ properties
│ │ ├FromFormat: string (required)
│ │ └FormatOptions: FormatOptions
│ ├[+] type Mapping
│ │ ├ name: Mapping
│ │ └ properties
│ │ ├TemplateLanguage: string (required)
│ │ └Template: string
│ ├[+] type OutputConversion
│ │ ├ name: OutputConversion
│ │ └ properties
│ │ ├ToFormat: string (required)
│ │ └FormatOptions: FormatOptions
│ ├[+] type SampleDocumentKeys
│ │ ├ name: SampleDocumentKeys
│ │ └ properties
│ │ ├Input: string
│ │ └Output: string
│ └[+] type SampleDocuments
│ ├ name: SampleDocuments
│ └ properties
│ ├BucketName: string (required)
│ └Keys: Array<SampleDocumentKeys> (required)
├[~] service aws-batch
│ └ resources
│ └[~] resource AWS::Batch::JobDefinition
│ └ types
│ ├[~] type EcsProperties
│ │ └ properties
│ │ └ TaskProperties: (documentation changed)
│ └[~] type PodProperties
│ └ properties
│ ├ Containers: (documentation changed)
│ └ InitContainers: (documentation changed)
├[~] service aws-bedrock
│ └ resources
│ ├[~] resource AWS::Bedrock::Flow
│ │ └ types
│ │ ├[~] type KnowledgeBaseFlowNodeConfiguration
│ │ │ └ properties
│ │ │ └ ModelId: (documentation changed)
│ │ └[~] type PromptFlowNodeInlineConfiguration
│ │ └ properties
│ │ └ ModelId: (documentation changed)
│ ├[~] resource AWS::Bedrock::FlowVersion
│ │ └ types
│ │ ├[~] type KnowledgeBaseFlowNodeConfiguration
│ │ │ └ properties
│ │ │ └ ModelId: (documentation changed)
│ │ └[~] type PromptFlowNodeInlineConfiguration
│ │ └ properties
│ │ └ ModelId: (documentation changed)
│ ├[~] resource AWS::Bedrock::KnowledgeBase
│ │ ├ attributes
│ │ │ ├ CreatedAt: (documentation changed)
│ │ │ └ UpdatedAt: (documentation changed)
│ │ └ types
│ │ └[~] type KnowledgeBaseConfiguration
│ │ └ properties
│ │ └ VectorKnowledgeBaseConfiguration: (documentation changed)
│ ├[~] resource AWS::Bedrock::Prompt
│ │ └ types
│ │ └[~] type PromptVariant
│ │ └ properties
│ │ └ ModelId: (documentation changed)
│ └[~] resource AWS::Bedrock::PromptVersion
│ └ types
│ └[~] type PromptVariant
│ └ properties
│ └ ModelId: (documentation changed)
├[~] service aws-cloudformation
│ └ resources
│ └[~] resource AWS::CloudFormation::HookTypeConfig
│ └ properties
│ ├ Configuration: (documentation changed)
│ ├ TypeArn: (documentation changed)
│ └ TypeName: (documentation changed)
├[~] service aws-cloudtrail
│ └ resources
│ ├[~] resource AWS::CloudTrail::EventDataStore
│ │ └ types
│ │ ├[~] type AdvancedEventSelector
│ │ │ └ - documentation: Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) and [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* .
│ │ │ You cannot apply both event selectors and advanced event selectors to a trail.
│ │ │ *Supported CloudTrail event record fields for management events*
│ │ │ - `eventCategory` (required)
│ │ │ - `eventSource`
│ │ │ - `readOnly`
│ │ │ *Supported CloudTrail event record fields for data events*
│ │ │ - `eventCategory` (required)
│ │ │ - `resources.type` (required)
│ │ │ - `readOnly`
│ │ │ - `eventName`
│ │ │ - `resources.ARN`
│ │ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .
│ │ │ + documentation: Advanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) , [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) , and [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *AWS CloudTrail User Guide* .
│ │ │ You cannot apply both event selectors and advanced event selectors to a trail.
│ │ │ *Supported CloudTrail event record fields for management events*
│ │ │ - `eventCategory` (required)
│ │ │ - `eventSource`
│ │ │ - `readOnly`
│ │ │ *Supported CloudTrail event record fields for data events*
│ │ │ - `eventCategory` (required)
│ │ │ - `resources.type` (required)
│ │ │ - `readOnly`
│ │ │ - `eventName`
│ │ │ - `resources.ARN`
│ │ │ *Supported CloudTrail event record fields for network activity events*
│ │ │ > Network activity events is in preview release for CloudTrail and is subject to change.
│ │ │ - `eventCategory` (required)
│ │ │ - `eventSource` (required)
│ │ │ - `eventName`
│ │ │ - `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied` .
│ │ │ - `vpcEndpointId`
│ │ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .
│ │ └[~] type AdvancedFieldSelector
│ │ └ properties
│ │ └ Field: (documentation changed)
│ └[~] resource AWS::CloudTrail::Trail
│ ├ properties
│ │ └ AdvancedEventSelectors: (documentation changed)
│ └ types
│ ├[~] type AdvancedEventSelector
│ │ └ - documentation: Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) and [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* .
│ │ You cannot apply both event selectors and advanced event selectors to a trail.
│ │ *Supported CloudTrail event record fields for management events*
│ │ - `eventCategory` (required)
│ │ - `eventSource`
│ │ - `readOnly`
│ │ *Supported CloudTrail event record fields for data events*
│ │ - `eventCategory` (required)
│ │ - `resources.type` (required)
│ │ - `readOnly`
│ │ - `eventName`
│ │ - `resources.ARN`
│ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .
│ │ + documentation: Advanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) , [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) , and [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *AWS CloudTrail User Guide* .
│ │ You cannot apply both event selectors and advanced event selectors to a trail.
│ │ *Supported CloudTrail event record fields for management events*
│ │ - `eventCategory` (required)
│ │ - `eventSource`
│ │ - `readOnly`
│ │ *Supported CloudTrail event record fields for data events*
│ │ - `eventCategory` (required)
│ │ - `resources.type` (required)
│ │ - `readOnly`
│ │ - `eventName`
│ │ - `resources.ARN`
│ │ *Supported CloudTrail event record fields for network activity events*
│ │ > Network activity events is in preview release for CloudTrail and is subject to change.
│ │ - `eventCategory` (required)
│ │ - `eventSource` (required)
│ │ - `eventName`
│ │ - `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied` .
│ │ - `vpcEndpointId`
│ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .
│ ├[~] type AdvancedFieldSelector
│ │ └ properties
│ │ └ Field: (documentation changed)
│ └[~] type DataResource
│ └ properties
│ └ Type: (documentation changed)
├[~] service aws-datasync
│ └ resources
│ └[~] resource AWS::DataSync::LocationS3
│ └ - documentation: The `AWS::DataSync::LocationS3` resource specifies an endpoint for an Amazon S3 bucket.
│ For more information, see [Create an Amazon S3 location](https://docs.aws.amazon.com/datasync/latest/userguide/create-locations-cli.html#create-location-s3-cli) in the *AWS DataSync User Guide* .
│ + documentation: The `AWS::DataSync::LocationS3` resource specifies an endpoint for an Amazon S3 bucket.
│ For more information, see the [*AWS DataSync User Guide*](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html) .
├[~] service aws-ec2
│ └ resources
│ ├[~] resource AWS::EC2::NatGateway
│ │ └ properties
│ │ └ SecondaryAllocationIds: (documentation changed)
│ ├[~] resource AWS::EC2::TransitGateway
│ │ └ properties
│ │ └[+] SecurityGroupReferencingSupport: string
│ ├[~] resource AWS::EC2::TransitGatewayAttachment
│ │ └ types
│ │ └[~] type Options
│ │ └ properties
│ │ └[+] SecurityGroupReferencingSupport: string
│ ├[~] resource AWS::EC2::TransitGatewayVpcAttachment
│ │ └ types
│ │ └[~] type Options
│ │ └ properties
│ │ └[+] SecurityGroupReferencingSupport: string
│ └[~] resource AWS::EC2::VPCEndpoint
│ └ properties
│ └ PolicyDocument: (documentation changed)
├[~] service aws-ecs
│ └ resources
│ ├[~] resource AWS::ECS::Service
│ │ └ types
│ │ └[~] type LogConfiguration
│ │ └ properties
│ │ └ Options: (documentation changed)
│ └[~] resource AWS::ECS::TaskDefinition
│ └ types
│ └[~] type LogConfiguration
│ └ properties
│ └ Options: (documentation changed)
├[~] service aws-eks
│ └ resources
│ └[~] resource AWS::EKS::Cluster
│ ├ properties
│ │ └[+] ZonalShiftConfig: ZonalShiftConfig
│ └ types
│ └[+] type ZonalShiftConfig
│ ├ documentation: The current zonal shift configuration to use for the cluster.
│ │ name: ZonalShiftConfig
│ └ properties
│ └Enabled: boolean
├[~] service aws-elasticloadbalancingv2
│ └ resources
│ └[~] resource AWS::ElasticLoadBalancingV2::Listener
│ └ properties
│ └ ListenerAttributes: (documentation changed)
├[~] service aws-glue
│ └ resources
│ ├[~] resource AWS::Glue::Crawler
│ ├[~] resource AWS::Glue::Job
│ │ └ properties
│ │ ├[+] JobMode: string
│ │ └[+] JobRunQueuingEnabled: boolean
│ └[+] resource AWS::Glue::UsageProfile
│ ├ name: UsageProfile
│ │ cloudFormationType: AWS::Glue::UsageProfile
│ │ documentation: Creates an AWS Glue usage profile.
│ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│ ├ properties
│ │ ├Name: string (required, immutable)
│ │ ├Description: string
│ │ └Tags: Array<tag>
│ └ attributes
│ └CreatedOn: string
├[~] service aws-iotfleetwise
│ └ resources
│ └[~] resource AWS::IoTFleetWise::Campaign
│ └ properties
│ └ Action: - string (required)
│ + string
├[~] service aws-iottwinmaker
│ └ resources
│ └[~] resource AWS::IoTTwinMaker::Scene
│ └ properties
│ └ WorkspaceId: (documentation changed)
├[~] service aws-iotwireless
│ └ resources
│ └[~] resource AWS::IoTWireless::WirelessDevice
│ └ types
│ └[~] type OtaaV10x
│ └ - documentation: undefined
│ + documentation: OTAA device object for v1.0.x
├[~] service aws-kinesisfirehose
│ └ resources
│ └[~] resource AWS::KinesisFirehose::DeliveryStream
│ ├ properties
│ │ ├ DeliveryStreamName: (documentation changed)
│ │ ├ DeliveryStreamType: (documentation changed)
│ │ ├ IcebergDestinationConfiguration: (documentation changed)
│ │ └ Tags: (documentation changed)
│ └ types
│ ├[~] type AmazonOpenSearchServerlessBufferingHints
│ │ └ properties
│ │ └ SizeInMBs: (documentation changed)
│ ├[~] type CatalogConfiguration
│ │ ├ - documentation: Describes the containers where the destination Apache Iceberg Tables are persisted.
│ │ │ Amazon Data Firehose is in preview release and is subject to change.
│ │ │ + documentation: Describes the containers where the destination Apache Iceberg Tables are persisted.
│ │ └ properties
│ │ └ CatalogArn: (documentation changed)
│ ├[~] type DestinationTableConfiguration
│ │ ├ - documentation: Describes the configuration of a destination in Apache Iceberg Tables.
│ │ │ Amazon Data Firehose is in preview release and is subject to change.
│ │ │ + documentation: Describes the configuration of a destination in Apache Iceberg Tables.
│ │ └ properties
│ │ ├ DestinationDatabaseName: (documentation changed)
│ │ ├ DestinationTableName: (documentation changed)
│ │ ├ S3ErrorOutputPrefix: (documentation changed)
│ │ └ UniqueKeys: (documentation changed)
│ ├[~] type ExtendedS3DestinationConfiguration
│ │ └ properties
│ │ ├ CloudWatchLoggingOptions: (documentation changed)
│ │ └ S3BackupMode: (documentation changed)
│ ├[~] type IcebergDestinationConfiguration
│ │ ├ - documentation: Specifies the destination configure settings for Apache Iceberg Table.
│ │ │ Amazon Data Firehose is in preview release and is subject to change.
│ │ │ + documentation: Specifies the destination configure settings for Apache Iceberg Table.
│ │ └ properties
│ │ ├ CatalogConfiguration: (documentation changed)
│ │ ├ DestinationTableConfigurationList: (documentation changed)
│ │ ├ RoleARN: (documentation changed)
│ │ └ s3BackupMode: (documentation changed)
│ ├[~] type RedshiftDestinationConfiguration
│ │ └ properties
│ │ ├ CloudWatchLoggingOptions: (documentation changed)
│ │ └ S3BackupMode: (documentation changed)
│ ├[~] type S3DestinationConfiguration
│ │ └ properties
│ │ └ CloudWatchLoggingOptions: (documentation changed)
│ ├[~] type SecretsManagerConfiguration
│ │ └ properties
│ │ ├ Enabled: (documentation changed)
│ │ └ SecretARN: (documentation changed)
│ ├[~] type SnowflakeBufferingHints
│ │ └ properties
│ │ └ SizeInMBs: (documentation changed)
│ └[~] type SplunkDestinationConfiguration
│ └ properties
│ └ CloudWatchLoggingOptions: (documentation changed)
├[~] service aws-lambda
│ └ resources
│ ├[~] resource AWS::Lambda::CodeSigningConfig
│ │ └ properties
│ │ └ Tags: (documentation changed)
│ ├[~] resource AWS::Lambda::EventSourceMapping
│ │ ├ properties
│ │ │ └ Tags: (documentation changed)
│ │ └ attributes
│ │ └ EventSourceMappingArn: (documentation changed)
│ ├[~] resource AWS::Lambda::Function
│ │ └ properties
│ │ └ Tags: (documentation changed)
│ └[~] resource AWS::Lambda::Permission
│ └ properties
│ └ Principal: (documentation changed)
├[~] service aws-logs
│ └ resources
│ └[~] resource AWS::Logs::QueryDefinition
│ └ properties
│ └ Name: (documentation changed)
├[~] service aws-mediaconnect
│ └ resources
│ └[~] resource AWS::MediaConnect::FlowOutput
│ └ properties
│ └ OutputStatus: (documentation changed)
├[~] service aws-medialive
│ └ resources
│ └[~] resource AWS::MediaLive::Channel
│ └ types
│ ├[~] type H264Settings
│ │ └ properties
│ │ └[+] MinQp: integer
│ └[~] type H265Settings
│ └ properties
│ └[+] MinQp: integer
├[~] service aws-organizations
│ └ resources
│ └[~] resource AWS::Organizations::Policy
│ └ properties
│ └ Content: (documentation changed)
├[~] service aws-pipes
│ └ resources
│ └[~] resource AWS::Pipes::Pipe
│ └ types
│ └[~] type PipeTargetTimestreamParameters
│ └ properties
│ └ TimestampFormat: (documentation changed)
├[~] service aws-quicksight
│ └ resources
│ ├[~] resource AWS::QuickSight::Analysis
│ │ └ types
│ │ ├[~] type DefaultDateTimePickerControlOptions
│ │ │ └ properties
│ │ │ └[+] CommitMode: string
│ │ ├[~] type DefaultFilterDropDownControlOptions
│ │ │ └ properties
│ │ │ └[+] CommitMode: string
│ │ ├[~] type DefaultRelativeDateTimeControlOptions
│ │ │ └ properties
│ │ │ └[+] CommitMode: string
│ │ ├[~] type FilterDateTimePickerControl
│ │ │ └ properties
│ │ │ └[+] CommitMode: string
│ │ ├[~] type FilterDropDownControl
│ │ │ └ properties
│ │ │ └[+] CommitMode: string
│ │ ├[~] type FilterRelativeDateTimeControl
│ │ │ └ properties
│ │ │ └[+] CommitMode: string
│ │ └[~] type ParameterDropDownControl
│ │ └ properties
│ │ └[+] CommitMode: string
│ ├[~] resource AWS::QuickSight::Dashboard
│ │ └ types
│ │ ├[~] type DefaultDateTimePickerControlOptions
│ │ │ └ properties
│ │ │ └[+] CommitMode: string
│ │ ├[~] type DefaultFilterDropDownControlOptions
│ │ │ └ properties
│ │ │ └[+] CommitMode: string
│ │ ├[~] type DefaultRelativeDateTimeControlOptions
│ │ │ └ properties
│ │ │ └[+] CommitMode: string
│ │ ├[~] type FilterDateTimePickerControl
│ │ │ └ properties
│ │ │ └[+] CommitMode: string
│ │ ├[~] type FilterDropDownControl
│ │ │ └ properties
│ │ │ └[+] CommitMode: string
│ │ ├[~] type FilterRelativeDateTimeControl
│ │ │ └ properties
│ │ │ └[+] CommitMode: string
│ │ └[~] type ParameterDropDownControl
│ │ └ properties
│ │ └[+] CommitMode: string
│ ├[+] resource AWS::QuickSight::Folder
│ │ ├ name: Folder
│ │ │ cloudFormationType: AWS::QuickSight::Folder
│ │ │ documentation: Definition of the AWS::QuickSight::Folder Resource Type.
│ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│ │ ├ properties
│ │ │ ├AwsAccountId: string (immutable)
│ │ │ ├FolderId: string (immutable)
│ │ │ ├FolderType: string (immutable)
│ │ │ ├Name: string
│ │ │ ├ParentFolderArn: string (immutable)
│ │ │ ├Permissions: Array<ResourcePermission>
│ │ │ ├SharingModel: string (immutable)
│ │ │ └Tags: Array<tag>
│ │ ├ attributes
│ │ │ ├Arn: string
│ │ │ ├CreatedTime: string
│ │ │ └LastUpdatedTime: string
│ │ └ types
│ │ └type ResourcePermission
│ │ ├ documentation: <p>Permission for the resource.</p>
│ │ │ name: ResourcePermission
│ │ └ properties
│ │ ├Principal: string (required)
│ │ └Actions: Array<string> (required)
│ └[~] resource AWS::QuickSight::Template
│ └ types
│ ├[~] type DefaultDateTimePickerControlOptions
│ │ └ properties
│ │ └[+] CommitMode: string
│ ├[~] type DefaultFilterDropDownControlOptions
│ │ └ properties
│ │ └[+] CommitMode: string
│ ├[~] type DefaultRelativeDateTimeControlOptions
│ │ └ properties
│ │ └[+] CommitMode: string
│ ├[~] type FilterDateTimePickerControl
│ │ └ properties
│ │ └[+] CommitMode: string
│ ├[~] type FilterDropDownControl
│ │ └ properties
│ │ └[+] CommitMode: string
│ ├[~] type FilterRelativeDateTimeControl
│ │ └ properties
│ │ └[+] CommitMode: string
│ └[~] type ParameterDropDownControl
│ └ properties
│ └[+] CommitMode: string
├[~] service aws-rds
│ └ resources
│ └[~] resource AWS::RDS::GlobalCluster
│ ├ - tagInformation: undefined
│ │ + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│ └ properties
│ └[+] Tags: Array<tag>
├[~] service aws-route53resolver
│ └ resources
│ └[~] resource AWS::Route53Resolver::ResolverRule
│ └ types
│ └[~] type TargetAddress
│ └ properties
│ └ Protocol: (documentation changed)
├[~] service aws-s3
│ └ resources
│ └[~] resource AWS::S3::Bucket
│ └ types
│ ├[~] type ServerSideEncryptionByDefault
│ │ ├ - documentation: Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference* .
│ │ │ > If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
│ │ │ + documentation: Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) .
│ │ │ > - *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key ( `aws/s3` ) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS.
│ │ │ > - *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) ( `aws/s3` ) isn't supported.
│ │ │ > - *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.
│ │ └ properties
│ │ ├ KMSMasterKeyID: (documentation changed)
│ │ └ SSEAlgorithm: (documentation changed)
│ └[~] type ServerSideEncryptionRule
│ └ - documentation: Specifies the default server-side encryption configuration.
│ > If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
│ + documentation: Specifies the default server-side encryption configuration.
│ > - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
│ > - *Directory buckets* - When you specify an [AWS KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
├[~] service aws-s3express
│ └ resources
│ └[~] resource AWS::S3Express::DirectoryBucket
│ ├ - documentation: The `AWS::S3Express::DirectoryBucket` resource creates an Amazon S3 directory bucket in the same AWS Region where you create the AWS CloudFormation stack.
│ │ To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) .
│ │ > You can only delete empty buckets. Deletion fails for buckets that have contents.
│ │ - **Permissions** - The required permissions for CloudFormation to use are based on the operations that are performed on the stack.
│ │ - Create
│ │ - s3express:CreateBucket
│ │ - s3express:ListAllMyDirectoryBuckets
│ │ - Read
│ │ - s3express:ListAllMyDirectoryBuckets
│ │ - Delete
│ │ - s3express:DeleteBucket
│ │ - s3express:ListAllMyDirectoryBuckets
│ │ - List
│ │ - s3express:ListAllMyDirectoryBuckets
│ │ The following operations are related to `AWS::S3Express::DirectoryBucket` :
│ │ - [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
│ │ - [ListDirectoryBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListDirectoryBuckets.html)
│ │ - [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
│ │ + documentation: The `AWS::S3Express::DirectoryBucket` resource creates an Amazon S3 directory bucket in the same AWS Region where you create the AWS CloudFormation stack.
│ │ To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) .
│ │ > You can only delete empty buckets. Deletion fails for buckets that have contents.
│ │ - **Permissions** - The required permissions for CloudFormation to use are based on the operations that are performed on the stack.
│ │ - Create
│ │ - s3express:CreateBucket
│ │ - s3express:ListAllMyDirectoryBuckets
│ │ - Read
│ │ - s3express:ListAllMyDirectoryBuckets
│ │ - ec2:DescribeAvailabilityZones
│ │ - Delete
│ │ - s3express:DeleteBucket
│ │ - s3express:ListAllMyDirectoryBuckets
│ │ - List
│ │ - s3express:ListAllMyDirectoryBuckets
│ │ - PutBucketEncryption
│ │ - s3express:PutEncryptionConfiguration
│ │ - To set a directory bucket default encryption with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and AWS KMS key policies for the target AWS KMS key.
│ │ - GetBucketEncryption
│ │ - s3express:GetBucketEncryption
│ │ - DeleteBucketEncryption
│ │ - s3express:PutEncryptionConfiguration
│ │ The following operations are related to `AWS::S3Express::DirectoryBucket` :
│ │ - [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
│ │ - [ListDirectoryBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListDirectoryBuckets.html)
│ │ - [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
│ ├ properties
│ │ ├[+] BucketEncryption: BucketEncryption
│ │ └ BucketName: (documentation changed)
│ ├ attributes
│ │ ├ Arn: (documentation changed)
│ │ └[+] AvailabilityZoneName: string
│ └ types
│ ├[+] type BucketEncryption
│ │ ├ documentation: Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS).
│ │ │ name: BucketEncryption
│ │ └ properties
│ │ └ServerSideEncryptionConfiguration: Array<ServerSideEncryptionRule> (required)
│ ├[+] type ServerSideEncryptionByDefault
│ │ ├ documentation: Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.
│ │ │ name: ServerSideEncryptionByDefault
│ │ └ properties
│ │ └SSEAlgorithm: string (required)
│ └[+] type ServerSideEncryptionRule
│ ├ documentation: Specifies the default server-side encryption configuration.
│ │ name: ServerSideEncryptionRule
│ └ properties
│ ├BucketKeyEnabled: boolean
│ └ServerSideEncryptionByDefault: ServerSideEncryptionByDefault
├[~] service aws-sagemaker
│ └ resources
│ └[~] resource AWS::SageMaker::ImageVersion
│ ├ properties
│ │ └[+] Version: integer
│ └ attributes
│ └ Version: (documentation changed)
├[~] service aws-secretsmanager
│ └ resources
│ ├[~] resource AWS::SecretsManager::RotationSchedule
│ │ ├ - documentation: Sets the rotation schedule and Lambda rotation function for a secret. For more information, see [How rotation works](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html) .
│ │ │ For Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) .
│ │ │ For Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) .
│ │ │ For the rotation function, you have two options:
│ │ │ - You can create a new rotation function based on one of the [Secrets Manager rotation function templates](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html) by using `HostedRotationLambda` .
│ │ │ - You can choose an existing rotation function by using `RotationLambdaARN` .
│ │ │ For database secrets, if you define both the secret and the database or service in the AWS CloudFormation template, then you need to define the [AWS::SecretsManager::SecretTargetAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html) resource to populate the secret with the connection details of the database or service before you attempt to configure rotation.
│ │ │ + documentation: Sets the rotation schedule and Lambda rotation function for a secret. For more information, see [How rotation works](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html) .
│ │ │ For Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) .
│ │ │ For Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) .
│ │ │ For the rotation function, you have two options:
│ │ │ - You can create a new rotation function based on one of the [Secrets Manager rotation function templates](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html) by using `HostedRotationLambda` .
│ │ │ - You can choose an existing rotation function by using `RotationLambdaARN` .
│ │ │ For database secrets, if you define both the secret and the database or service in the AWS CloudFormation template, then you need to define the [AWS::SecretsManager::SecretTargetAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html) resource to populate the secret with the connection details of the database or service before you attempt to configure rotation.
│ │ │ For a single secret, you can only define one rotation schedule with it.
│ │ └ properties
│ │ └ SecretId: (documentation changed)
│ └[~] resource AWS::SecretsManager::SecretTargetAttachment
│ ├ - documentation: The `AWS::SecretsManager::SecretTargetAttachment` resource completes the final link between a Secrets Manager secret and the associated database by adding the database connection information to the secret JSON. If you want to turn on automatic rotation for a database credential secret, the secret must contain the database connection information. For more information, see [JSON structure of Secrets Manager database credential secrets](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html) .
│ │ When you remove a `SecretTargetAttachment` from a stack, Secrets Manager removes the database connection information from the secret with a `PutSecretValue` call.
│ │ For Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) .
│ │ For Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) .
│ │ + documentation: The `AWS::SecretsManager::SecretTargetAttachment` resource completes the final link between a Secrets Manager secret and the associated database by adding the database connection information to the secret JSON. If you want to turn on automatic rotation for a database credential secret, the secret must contain the database connection information. For more information, see [JSON structure of Secrets Manager database credential secrets](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html) .
│ │ A single secret resource can only have one target attached to it.
│ │ When you remove a `SecretTargetAttachment` from a stack, Secrets Manager removes the database connection information from the secret with a `PutSecretValue` call.
│ │ For Amazon RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html) .
│ │ For Amazon Redshift admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html) .
│ └ properties
│ └ SecretId: (documentation changed)
├[~] service aws-securityhub
│ └ resources
│ ├[~] resource AWS::SecurityHub::AutomationRule
│ │ └ types
│ │ ├[~] type SeverityUpdate
│ │ │ └ properties
│ │ │ └ Normalized: (documentation changed)
│ │ └[~] type WorkflowUpdate
│ │ └ properties
│ │ └ Status: (documentation changed)
│ ├[~] resource AWS::SecurityHub::FindingAggregator
│ │ ├ properties
│ │ │ └ Regions: (documentation changed)
│ │ └ attributes
│ │ └ FindingAggregationRegion: (documentation changed)
│ └[~] resource AWS::SecurityHub::Insight
│ └ types
│ └[~] type AwsSecurityFindingFilters
│ └ properties
│ ├ SeverityNormalized: (documentation changed)
│ └ WorkflowStatus: (documentation changed)
├[~] service aws-ses
│ └ resources
│ └[~] resource AWS::SES::MailManagerRuleSet
│ └ types
│ └[~] type RuleStringToEvaluate
│ ├ - documentation: The string to evaluate in a string condition expression.
│ │ + documentation: The string to evaluate in a string condition expression.
│ │ > This data type is a UNION, so only one of the following members can be specified when used or returned.
│ └ properties
│ ├ Attribute: - string (required)
│ │ + string
│ └[+] MimeHeaderAttribute: string
├[~] service aws-sqs
│ └ resources
│ └[~] resource AWS::SQS::Queue
│ ├ - documentation: The `AWS::SQS::Queue` resource creates an Amazon SQS standard or FIFO queue.
│ │ Keep the following caveats in mind:
│ │ - If you don't specify the `FifoQueue` property, Amazon SQS creates a standard queue.
│ │ > You can't change the queue type after you create it and you can't convert an existing standard queue into a FIFO queue. You must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue. For more information, see [Moving from a standard queue to a FIFO queue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-moving.html) in the *Amazon SQS Developer Guide* .
│ │ - If you don't provide a value for a property, the queue is created with the default value for the property.
│ │ - If you delete a queue, you must wait at least 60 seconds before creating a queue with the same name.
│ │ - To successfully create a new queue, you must provide a queue name that adheres to the [limits related to queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/limits-queues.html) and is unique within the scope of your queues.
│ │ For more information about creating FIFO (first-in-first-out) queues, see [Creating an Amazon SQS queue ( AWS CloudFormation )](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/screate-queue-cloudformation.html) in the *Amazon SQS Developer Guide* .
│ │ + documentation: The `AWS::SQS::Queue` resource creates an Amazon SQS standard or FIFO queue.
│ │ Keep the following caveats in mind:
│ │ - If you don't specify the `FifoQueue` property, Amazon SQS creates a standard queue.
│ │ > You can't change the queue type after you create it and you can't convert an existing standard queue into a FIFO queue. You must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue. For more information, see [Moving from a standard queue to a FIFO queue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-moving.html) in the *Amazon SQS Developer Guide* .
│ │ - If you don't provide a value for a property, the queue is created with the default value for the property.
│ │ - If you delete a queue, you must wait at least 60 seconds before creating a queue with the same name.
│ │ - To successfully create a new queue, you must provide a queue name that adheres to the [limits related to queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/limits-queues.html) and is unique within the scope of your queues.
│ │ For more information about creating FIFO (first-in-first-out) queues, see [Creating an Amazon SQS queue ( AWS CloudFormation )](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/create-queue-cloudformation.html) in the *Amazon SQS Developer Guide* .
│ └ properties
│ ├ FifoQueue: (documentation changed)
│ ├ KmsMasterKeyId: (documentation changed)
│ └ QueueName: (documentation changed)
├[~] service aws-ssm
│ └ resources
│ └[~] resource AWS::SSM::PatchBaseline
│ └ properties
│ └ GlobalFilters: (documentation changed)
├[~] service aws-synthetics
│ └ resources
│ └[~] resource AWS::Synthetics::Canary
│ └ properties
│ └[+] ResourcesToReplicateTags: Array<string>
├[~] service aws-waf
│ └ resources
│ ├[~] resource AWS::WAF::ByteMatchSet
│ │ └ types
│ │ ├[~] type ByteMatchTuple
│ │ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ │ >
│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ │ The bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.
│ │ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025.
│ │ │ >
│ │ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ │ >
│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ │ The bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.
│ │ └[~] type FieldToMatch
│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ >
│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ Specifies where in a web request to look for `TargetString` .
│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025.
│ │ >
│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ >
│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ Specifies where in a web request to look for `TargetString` .
│ ├[~] resource AWS::WAF::IPSet
│ │ ├ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ │ >
│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ │ Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports IPv4 address ranges: /8 and any range between /16 through /32. AWS WAF supports IPv6 address ranges: /24, /32, /48, /56, /64, and /128.
│ │ │ To specify an individual IP address, you specify the four-part IP address followed by a `/32` , for example, 192.0.2.0/32. To block a range of IP addresses, you can specify /8 or any range between /16 through /32 (for IPv4) or /24, /32, /48, /56, /64, or /128 (for IPv6). For more information about CIDR notation, see the Wikipedia entry [Classless Inter-Domain Routing](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) .
│ │ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025.
│ │ │ >
│ │ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ │ >
│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ │ Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports IPv4 address ranges: /8 and any range between /16 through /32. AWS WAF supports IPv6 address ranges: /24, /32, /48, /56, /64, and /128.
│ │ │ To specify an individual IP address, you specify the four-part IP address followed by a `/32` , for example, 192.0.2.0/32. To block a range of IP addresses, you can specify /8 or any range between /16 through /32 (for IPv4) or /24, /32, /48, /56, /64, or /128 (for IPv6). For more information about CIDR notation, see the Wikipedia entry [Classless Inter-Domain Routing](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) .
│ │ └ types
│ │ └[~] type IPSetDescriptor
│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ >
│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ Specifies the IP address type ( `IPV4` or `IPV6` ) and the IP address range (in CIDR format) that web requests originate from.
│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025.
│ │ >
│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ >
│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ Specifies the IP address type ( `IPV4` or `IPV6` ) and the IP address range (in CIDR format) that web requests originate from.
│ ├[~] resource AWS::WAF::SizeConstraintSet
│ │ ├ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ │ >
│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ │ A complex type that contains `SizeConstraint` objects, which specify the parts of web requests that you want AWS WAF to inspect the size of. If a `SizeConstraintSet` contains more than one `SizeConstraint` object, a request only needs to match one constraint to be considered a match.
│ │ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025.
│ │ │ >
│ │ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ │ >
│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ │ A complex type that contains `SizeConstraint` objects, which specify the parts of web requests that you want AWS WAF to inspect the size of. If a `SizeConstraintSet` contains more than one `SizeConstraint` object, a request only needs to match one constraint to be considered a match.
│ │ └ types
│ │ └[~] type SizeConstraint
│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ >
│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ Specifies a constraint on the size of a part of the web request. AWS WAF uses the `Size` , `ComparisonOperator` , and `FieldToMatch` to build an expression in the form of " `Size` `ComparisonOperator` size in bytes of `FieldToMatch` ". If that expression is true, the `SizeConstraint` is considered to match.
│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025.
│ │ >
│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ >
│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ Specifies a constraint on the size of a part of the web request. AWS WAF uses the `Size` , `ComparisonOperator` , and `FieldToMatch` to build an expression in the form of " `Size` `ComparisonOperator` size in bytes of `FieldToMatch` ". If that expression is true, the `SizeConstraint` is considered to match.
│ ├[~] resource AWS::WAF::SqlInjectionMatchSet
│ │ ├ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ │ >
│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ │ A complex type that contains `SqlInjectionMatchTuple` objects, which specify the parts of web requests that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. If a `SqlInjectionMatchSet` contains more than one `SqlInjectionMatchTuple` object, a request needs to include snippets of SQL code in only one of the specified parts of the request to be considered a match.
│ │ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025.
│ │ │ >
│ │ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ │ >
│ │ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ │ A complex type that contains `SqlInjectionMatchTuple` objects, which specify the parts of web requests that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. If a `SqlInjectionMatchSet` contains more than one `SqlInjectionMatchTuple` object, a request needs to include snippets of SQL code in only one of the specified parts of the request to be considered a match.
│ │ └ types
│ │ └[~] type SqlInjectionMatchTuple
│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ >
│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.
│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025.
│ │ >
│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ >
│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.
│ ├[~] resource AWS::WAF::WebACL
│ │ └ types
│ │ └[~] type WafAction
│ │ └ - documentation: > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ >
│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
│ │ For the action that is associated with a rule in a `WebACL` , specifies the action that you want AWS WAF to perform when a web request matches all of the conditions in a rule. For the default action in a `WebACL` , specifies the action that you want AWS WAF to take when a web request doesn't match all of the conditions in any of the rules in a `WebACL` .
│ │ + documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025.
│ │ >
│ │ > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│ │ >
│ │ > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the …- Loading branch information
1 parent
182804a
commit 79d9c4d