Automated SDK generation @ aws-cloudformation-user-guide 19dc52cd3f2007d6d268b65b739ffb5ebf8c1e76

.gitignore

@@ -28,3 +28,4 @@ sdk/java/gradlew.bat
 
 sdk/python/venv
 sdk/python/README.md
+.mono

CHANGELOG.md

@@ -1,11 +1,26 @@
 # Change Log
 
-## Unreleased
+## 0.99.0 (2024-03-14)
 
 - [Fix multi-type resolutions](https://github.com/pulumi/pulumi-aws-native/pull/1383) includes fixes for inline role policies
 - [Include "id" resource properties as "awsId"](https://github.com/pulumi/pulumi-aws-native/pull/1387)
+- [Add more descriptive explanation for missing aws native region config](https://github.com/pulumi/pulumi-aws-native/pull/1355)
+- [Send unchanged write-only properties as adds on update](https://github.com/pulumi/pulumi-aws-native/pull/1395)
+- [Fix parsing provider config defaultTags](https://github.com/pulumi/pulumi-aws-native/pull/1393)
+- [Remove resources not supported by CloudControl from the SDK](https://github.com/pulumi/pulumi-aws-native/pull/1402)
 - [Fix updates with secret values](https://github.com/pulumi/pulumi-aws-native/pull/1397)
 
+### Breaking Changes
+
+EC2 Instance properties changed:
+
+- `Id` removed.
+- `Affinity` changed from `string` to `InstanceAffinity` enum.
+- `CpuOptions` type name changed from `InstanceCpuOptions` to `CpuOptionsProperties`.
+- `CreditSpecification` type name changed from `InstanceCreditSpecification` to `CreditSpecificationPropertiesArgs`.
+- `EnclaveOptions` type name changed from `InstanceHibernationOptions` to `HibernationOptionsProperties`.
+- `HibernationOptions` type name changed from `InstanceHibernationOptions` to `HibernationOptionsProperties`
+
 ## 0.98.0 (2024-02-29)
 
 - **BREAKING CHANGE**: [De-duplicate types for simple arrays of tags](https://github.com/pulumi/pulumi-aws-native/pull/1348)

aws-cloudformation-schema/aws-amplify-domain.json

@@ -77,7 +77,7 @@
         },
         "CustomCertificateArn" : {
           "type" : "string",
-          "pattern" : "\"^arn:aws:acm:[a-z0-9-]+:\\d{12}:certificate\\/.+$\""
+          "pattern" : "^arn:aws:acm:[a-z0-9-]+:\\d{12}:certificate\\/.+$"
         }
       }
     },

aws-cloudformation-schema/aws-apigateway-authorizer.json

@@ -28,7 +28,7 @@
       "type" : "string"
     },
     "IdentitySource" : {
-      "description" : "The identity source for which authorization is requested. For a ``TOKEN`` or ``COGNITO_USER_POOLS`` authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is ``Auth``, the header mapping expression is ``method.request.header.Auth``. For the ``REQUEST`` authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an ``Auth`` header, a ``Name`` query string parameter are defined as identity sources, this value is ``method.request.header.Auth, method.request.querystring.Name``. These parameters will be used to derive the authorization caching key and to perform runtime validation of the ``REQUEST`` authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when thi",
+      "description" : "The identity source for which authorization is requested. For a ``TOKEN`` or ``COGNITO_USER_POOLS`` authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is ``Auth``, the header mapping expression is ``method.request.header.Auth``. For the ``REQUEST`` authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an ``Auth`` header, a ``Name`` query string parameter are defined as identity sources, this value is ``method.request.header.Auth, method.request.querystring.Name``. These parameters will be used to derive the authorization caching key and to perform runtime validation of the ``REQUEST`` authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.",
       "type" : "string"
     },
     "IdentityValidationExpression" : {

aws-cloudformation-schema/aws-apigateway-method.json

@@ -50,7 +50,7 @@
           }
         },
         "PassthroughBehavior" : {
-          "description" : "Specifies how the method request body of an unmapped content type will be passed through the integration request to the back end without transformation. A content type is unmapped if no mapping template is defined in the integration or the content type does not match any of the mapped content types, as specified in ``requestTemplates``. The valid value is one of the following: ``WHEN_NO_MATCH``: passes the method request body through the integration request to the back end without transformation when the method request content type does not match any content type associated with the mapping templates defined in the integration request. ``WHEN_NO_TEMPLATES``: passes the method request body through the integration request to the back end without transformation when no mapping template is defined in the integration request. If a template is defined when this option is selected, the method request of an unmapped content-type will be rejected with an HTTP 415 Unsupported Media Type response",
+          "description" : "Specifies how the method request body of an unmapped content type will be passed through the integration request to the back end without transformation. A content type is unmapped if no mapping template is defined in the integration or the content type does not match any of the mapped content types, as specified in ``requestTemplates``. The valid value is one of the following: ``WHEN_NO_MATCH``: passes the method request body through the integration request to the back end without transformation when the method request content type does not match any content type associated with the mapping templates defined in the integration request. ``WHEN_NO_TEMPLATES``: passes the method request body through the integration request to the back end without transformation when no mapping template is defined in the integration request. If a template is defined when this option is selected, the method request of an unmapped content-type will be rejected with an HTTP 415 Unsupported Media Type response. ``NEVER``: rejects the method request with an HTTP 415 Unsupported Media Type response when either the method request content type does not match any content type associated with the mapping templates defined in the integration request or no mapping template is defined in the integration request.",
           "type" : "string",
           "enum" : [ "WHEN_NO_MATCH", "WHEN_NO_TEMPLATES", "NEVER" ]
         },
@@ -85,7 +85,7 @@
           "enum" : [ "AWS", "AWS_PROXY", "HTTP", "HTTP_PROXY", "MOCK" ]
         },
         "Uri" : {
-          "description" : "Specifies Uniform Resource Identifier (URI) of the integration endpoint.\n For ``HTTP`` or ``HTTP_PROXY`` integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification for standard integrations. If ``connectionType`` is ``VPC_LINK`` specify the Network Load Balancer DNS name. For ``AWS`` or ``AWS_PROXY`` integrations, the URI is of the form ``arn:aws:apigateway:{region}:{subdomain.service|service}:path|action/{service_api}``. Here, {Region} is the API Gateway region (e.g., us-east-1); {service} is the name of the integrated AWS service (e.g., s3); and {subdomain} is a designated subdomain supported by certain AWS service for fast host-name lookup. action can be used for an AWS service action-based API, using an Action={name}&{p1}={v1}&p2={v2}... query string. The ensuing {service_api} refers to a supported action {name} plus any required input parameters. Alternatively, path can be used for an AWS service path-based API. The ensuing service_ap",
+          "description" : "Specifies Uniform Resource Identifier (URI) of the integration endpoint.\n For ``HTTP`` or ``HTTP_PROXY`` integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification for standard integrations. If ``connectionType`` is ``VPC_LINK`` specify the Network Load Balancer DNS name. For ``AWS`` or ``AWS_PROXY`` integrations, the URI is of the form ``arn:aws:apigateway:{region}:{subdomain.service|service}:path|action/{service_api}``. Here, {Region} is the API Gateway region (e.g., us-east-1); {service} is the name of the integrated AWS service (e.g., s3); and {subdomain} is a designated subdomain supported by certain AWS service for fast host-name lookup. action can be used for an AWS service action-based API, using an Action={name}&{p1}={v1}&p2={v2}... query string. The ensuing {service_api} refers to a supported action {name} plus any required input parameters. Alternatively, path can be used for an AWS service path-based API. The ensuing service_api refers to the path to an AWS service resource, including the region of the integrated AWS service, if applicable. For example, for integration with the S3 API of GetObject, the uri can be either ``arn:aws:apigateway:us-west-2:s3:action/GetObject&Bucket={bucket}&Key={key}`` or ``arn:aws:apigateway:us-west-2:s3:path/{bucket}/{key}``",
           "type" : "string"
         }
       },

aws-cloudformation-schema/aws-apigatewayv2-authorizer.json

@@ -1,48 +1,60 @@
 {
   "typeName" : "AWS::ApiGatewayV2::Authorizer",
-  "description" : "Resource Type definition for AWS::ApiGatewayV2::Authorizer",
+  "description" : "The ``AWS::ApiGatewayV2::Authorizer`` resource creates an authorizer for a WebSocket API or an HTTP API. To learn more, see [Controlling and managing access to a WebSocket API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-control-access.html) and [Controlling and managing access to an HTTP API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-access-control.html) in the *API Gateway Developer Guide*.",
   "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-apigatewayv2",
   "additionalProperties" : false,
   "properties" : {
     "IdentityValidationExpression" : {
-      "type" : "string"
+      "type" : "string",
+      "description" : "This parameter is not used."
     },
     "AuthorizerUri" : {
-      "type" : "string"
+      "type" : "string",
+      "description" : "The authorizer's Uniform Resource Identifier (URI). For ``REQUEST`` authorizers, this must be a well-formed Lambda function URI, for example, ``arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations``. In general, the URI has this form: ``arn:aws:apigateway:{region}:lambda:path/{service_api}``, where *{region}* is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial ``/``. For Lambda functions, this is usually of the form ``/2015-03-31/functions/[FunctionARN]/invocations``."
     },
     "AuthorizerCredentialsArn" : {
-      "type" : "string"
+      "type" : "string",
+      "description" : "Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null. Supported only for ``REQUEST`` authorizers."
     },
     "AuthorizerType" : {
-      "type" : "string"
+      "type" : "string",
+      "description" : "The authorizer type. Specify ``REQUEST`` for a Lambda function using incoming request parameters. Specify ``JWT`` to use JSON Web Tokens (supported only for HTTP APIs)."
     },
     "JwtConfiguration" : {
-      "$ref" : "#/definitions/JWTConfiguration"
+      "$ref" : "#/definitions/JWTConfiguration",
+      "description" : "The ``JWTConfiguration`` property specifies the configuration of a JWT authorizer. Required for the ``JWT`` authorizer type. Supported only for HTTP APIs."
     },
     "AuthorizerResultTtlInSeconds" : {
-      "type" : "integer"
+      "type" : "integer",
+      "description" : "The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers."
     },
     "IdentitySource" : {
       "type" : "array",
       "uniqueItems" : false,
       "items" : {
         "type" : "string"
-      }
+      },
+      "description" : "The identity source for which authorization is requested.\n For a ``REQUEST`` authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with ``$``, for example, ``$request.header.Auth``, ``$request.querystring.Name``. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see [Working with Lambda authorizers for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html).\n For ``JWT``, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example ``$request.header.Authorization``."
     },
     "AuthorizerPayloadFormatVersion" : {
-      "type" : "string"
+      "type" : "string",
+      "description" : "Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are ``1.0`` and ``2.0``. To learn more, see [Working with Lambda authorizers for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html)."
     },
     "ApiId" : {
-      "type" : "string"
+      "type" : "string",
+      "description" : "The API identifier."
     },
     "EnableSimpleResponses" : {
-      "type" : "boolean"
+      "type" : "boolean",
+      "description" : "Specifies whether a Lambda authorizer returns a response in a simple format. By default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see [Working with Lambda authorizers for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html)."
     },
     "AuthorizerId" : {
-      "type" : "string"
+      "type" : "string",
+      "description" : ""
     },
     "Name" : {
-      "type" : "string"
+      "type" : "string",
+      "description" : "The name of the authorizer."
     }
   },
   "definitions" : {
@@ -51,16 +63,19 @@
       "additionalProperties" : false,
       "properties" : {
         "Issuer" : {
-          "type" : "string"
+          "type" : "string",
+          "description" : "The base domain of the identity provider that issues JSON Web Tokens. For example, an Amazon Cognito user pool has the following format: ``https://cognito-idp.{region}.amazonaws.com/{userPoolId}``. Required for the ``JWT`` authorizer type. Supported only for HTTP APIs."
         },
         "Audience" : {
           "type" : "array",
           "uniqueItems" : false,
           "items" : {
             "type" : "string"
-          }
+          },
+          "description" : "A list of the intended recipients of the JWT. A valid JWT must provide an ``aud`` that matches at least one entry in this list. See [RFC 7519](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc7519#section-4.1.3). Required for the ``JWT`` authorizer type. Supported only for HTTP APIs."
         }
-      }
+      },
+      "description" : "The ``JWTConfiguration`` property specifies the configuration of a JWT authorizer. Required for the ``JWT`` authorizer type. Supported only for HTTP APIs."
     }
   },
   "required" : [ "AuthorizerType", "ApiId", "Name" ],