From c6bd3a3499b6139f5821b97ebc5f2df3c436be4b Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 27 Jan 2026 16:07:58 +0000 Subject: [PATCH] chore(schema): update --- samtranslator/schema/schema.json | 927 ++++++++++++++++++++++- schema_source/cloudformation-docs.json | 34 +- schema_source/cloudformation.schema.json | 927 ++++++++++++++++++++++- 3 files changed, 1825 insertions(+), 63 deletions(-) diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json index ac74f8de4..01be458b5 100644 --- a/samtranslator/schema/schema.json +++ b/samtranslator/schema/schema.json @@ -31457,6 +31457,12 @@ "markdownDescription": "An array of `BackupRule` objects, each of which specifies a scheduled task that is used to back up a selection of resources.", "title": "BackupPlanRule", "type": "array" + }, + "ScanSettings": { + "items": { + "$ref": "#/definitions/AWS::Backup::BackupPlan.ScanSettingResourceType" + }, + "type": "array" } }, "required": [ @@ -31515,6 +31521,12 @@ "title": "RuleName", "type": "string" }, + "ScanActions": { + "items": { + "$ref": "#/definitions/AWS::Backup::BackupPlan.ScanActionResourceType" + }, + "type": "array" + }, "ScheduleExpression": { "markdownDescription": "A CRON expression specifying when AWS Backup initiates a backup job.", "title": "ScheduleExpression", @@ -31601,6 +31613,36 @@ }, "type": "object" }, + "AWS::Backup::BackupPlan.ScanActionResourceType": { + "additionalProperties": false, + "properties": { + "MalwareScanner": { + "type": "string" + }, + "ScanMode": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Backup::BackupPlan.ScanSettingResourceType": { + "additionalProperties": false, + "properties": { + "MalwareScanner": { + "type": "string" + }, + "ResourceTypes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ScannerRoleArn": { + "type": "string" + } + }, + "type": "object" + }, "AWS::Backup::BackupSelection": { "additionalProperties": false, "properties": { @@ -32708,6 +32750,114 @@ }, "type": "object" }, + "AWS::Backup::TieringConfiguration": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "BackupVaultName": { + "type": "string" + }, + "ResourceSelection": { + "items": { + "$ref": "#/definitions/AWS::Backup::TieringConfiguration.ResourceSelection" + }, + "type": "array" + }, + "TieringConfigurationName": { + "type": "string" + }, + "TieringConfigurationTags": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "BackupVaultName", + "ResourceSelection", + "TieringConfigurationName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Backup::TieringConfiguration" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Backup::TieringConfiguration.ResourceSelection": { + "additionalProperties": false, + "properties": { + "ResourceType": { + "type": "string" + }, + "Resources": { + "items": { + "type": "string" + }, + "type": "array" + }, + "TieringDownSettingsInDays": { + "type": "number" + } + }, + "required": [ + "ResourceType", + "Resources", + "TieringDownSettingsInDays" + ], + "type": "object" + }, "AWS::BackupGateway::Hypervisor": { "additionalProperties": false, "properties": { @@ -44286,7 +44436,6 @@ } }, "required": [ - "CredentialProviderConfigurations", "Name", "TargetConfiguration" ], @@ -44313,6 +44462,89 @@ ], "type": "object" }, + "AWS::BedrockAgentCore::GatewayTarget.ApiGatewayTargetConfiguration": { + "additionalProperties": false, + "properties": { + "ApiGatewayToolConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::GatewayTarget.ApiGatewayToolConfiguration" + }, + "RestApiId": { + "type": "string" + }, + "Stage": { + "type": "string" + } + }, + "required": [ + "ApiGatewayToolConfiguration", + "RestApiId", + "Stage" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::GatewayTarget.ApiGatewayToolConfiguration": { + "additionalProperties": false, + "properties": { + "ToolFilters": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::GatewayTarget.ApiGatewayToolFilter" + }, + "type": "array" + }, + "ToolOverrides": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::GatewayTarget.ApiGatewayToolOverride" + }, + "type": "array" + } + }, + "required": [ + "ToolFilters" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::GatewayTarget.ApiGatewayToolFilter": { + "additionalProperties": false, + "properties": { + "FilterPath": { + "type": "string" + }, + "Methods": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "FilterPath", + "Methods" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::GatewayTarget.ApiGatewayToolOverride": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "Method": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Path": { + "type": "string" + } + }, + "required": [ + "Method", + "Name", + "Path" + ], + "type": "object" + }, "AWS::BedrockAgentCore::GatewayTarget.ApiKeyCredentialProvider": { "additionalProperties": false, "properties": { @@ -44430,6 +44662,9 @@ "AWS::BedrockAgentCore::GatewayTarget.McpTargetConfiguration": { "additionalProperties": false, "properties": { + "ApiGateway": { + "$ref": "#/definitions/AWS::BedrockAgentCore::GatewayTarget.ApiGatewayTargetConfiguration" + }, "Lambda": { "$ref": "#/definitions/AWS::BedrockAgentCore::GatewayTarget.McpLambdaTargetConfiguration", "markdownDescription": "The Lambda MCP configuration for the gateway target.", @@ -57502,6 +57737,12 @@ "markdownDescription": "The name of the key value store.", "title": "Name", "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" } }, "required": [ @@ -63491,7 +63732,7 @@ }, "LoadBalancerInfo": { "$ref": "#/definitions/AWS::CodeDeploy::DeploymentGroup.LoadBalancerInfo", - "markdownDescription": "Information about the load balancer to use in a deployment. For more information, see [Integrating CodeDeploy with ELB](https://docs.aws.amazon.com/codedeploy/latest/userguide/integrations-aws-elastic-load-balancing.html) in the *AWS CodeDeploy User Guide* .", + "markdownDescription": "Information about the load balancer to use in a deployment. For more information, see [Integrating CodeDeploy with Elastic Load Balancing](https://docs.aws.amazon.com/codedeploy/latest/userguide/integrations-aws-elastic-load-balancing.html) in the *AWS CodeDeploy User Guide* .", "title": "LoadBalancerInfo" }, "OnPremisesInstanceTagFilters": { @@ -71903,6 +72144,9 @@ "markdownDescription": "Configuration for language settings of this evaluation form.", "title": "LanguageConfiguration" }, + "ReviewConfiguration": { + "$ref": "#/definitions/AWS::Connect::EvaluationForm.EvaluationReviewConfiguration" + }, "ScoringStrategy": { "$ref": "#/definitions/AWS::Connect::EvaluationForm.ScoringStrategy", "markdownDescription": "A scoring strategy of the evaluation form.", @@ -72589,6 +72833,49 @@ }, "type": "object" }, + "AWS::Connect::EvaluationForm.EvaluationReviewConfiguration": { + "additionalProperties": false, + "properties": { + "EligibilityDays": { + "type": "number" + }, + "ReviewNotificationRecipients": { + "items": { + "$ref": "#/definitions/AWS::Connect::EvaluationForm.EvaluationReviewNotificationRecipient" + }, + "type": "array" + } + }, + "required": [ + "ReviewNotificationRecipients" + ], + "type": "object" + }, + "AWS::Connect::EvaluationForm.EvaluationReviewNotificationRecipient": { + "additionalProperties": false, + "properties": { + "Type": { + "type": "string" + }, + "Value": { + "$ref": "#/definitions/AWS::Connect::EvaluationForm.EvaluationReviewNotificationRecipientValue" + } + }, + "required": [ + "Type", + "Value" + ], + "type": "object" + }, + "AWS::Connect::EvaluationForm.EvaluationReviewNotificationRecipientValue": { + "additionalProperties": false, + "properties": { + "UserId": { + "type": "string" + } + }, + "type": "object" + }, "AWS::Connect::EvaluationForm.MultiSelectQuestionRuleCategoryAutomation": { "additionalProperties": false, "properties": { @@ -115536,6 +115823,9 @@ "title": "Ec2InstanceProfileArn", "type": "string" }, + "FipsEnabled": { + "type": "boolean" + }, "InstanceRequirements": { "$ref": "#/definitions/AWS::ECS::CapacityProvider.InstanceRequirementsRequest", "markdownDescription": "The instance requirements. You can specify:\n\n- The instance types\n- Instance requirements such as vCPU count, memory, network performance, and accelerator specifications\n\nAmazon ECS automatically selects the instances that match the specified criteria.", @@ -115738,6 +116028,7 @@ } }, "required": [ + "SecurityGroups", "Subnets" ], "type": "object" @@ -123880,7 +124171,7 @@ "additionalProperties": false, "properties": { "AuthMode": { - "markdownDescription": "Specifies whether the Studio authenticates users using IAM Identity Center or IAM.", + "markdownDescription": "Specifies whether the Studio authenticates users using SSO or IAM.", "title": "AuthMode", "type": "string" }, @@ -124040,7 +124331,7 @@ "additionalProperties": false, "properties": { "IdentityName": { - "markdownDescription": "The name of the user or group. For more information, see [UserName](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_User.html#singlesignon-Type-User-UserName) and [DisplayName](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_Group.html#singlesignon-Type-Group-DisplayName) in the *IAM Identity Center Identity Store API Reference* .", + "markdownDescription": "The name of the user or group. For more information, see [UserName](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_User.html#singlesignon-Type-User-UserName) and [DisplayName](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_Group.html#singlesignon-Type-Group-DisplayName) in the *Identity Store API Reference* .", "title": "IdentityName", "type": "string" }, @@ -139414,8 +139705,7 @@ } }, "required": [ - "MaxSize", - "MinSize" + "MaxSize" ], "type": "object" }, @@ -140202,8 +140492,7 @@ } }, "required": [ - "MaxSize", - "MinSize" + "MaxSize" ], "type": "object" }, @@ -141135,6 +141424,9 @@ "title": "Name", "type": "string" }, + "NodeJsVersion": { + "type": "string" + }, "StorageLocation": { "$ref": "#/definitions/AWS::GameLift::Script.S3Location", "markdownDescription": "The location of the Amazon S3 bucket where a zipped file containing your Realtime scripts is stored. The storage location must specify the Amazon S3 bucket name, the zip file name (the \"key\"), and a role ARN that allows Amazon GameLift Servers to access the Amazon S3 storage location. The S3 bucket must be in the same Region where you want to create a new script. By default, Amazon GameLift Servers uploads the latest version of the zip file; if you have S3 object versioning turned on, you can use the `ObjectVersion` parameter to specify an earlier version.", @@ -146189,7 +146481,7 @@ "items": { "type": "string" }, - "markdownDescription": "Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center , or both to authenticate users for using the Grafana console within a workspace. For more information, see [User authentication in Amazon Managed Grafana](https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html) .\n\n*Allowed Values* : `AWS_SSO | SAML`", + "markdownDescription": "Specifies whether this workspace uses SAML 2.0, SSOlong , or both to authenticate users for using the Grafana console within a workspace. For more information, see [User authentication in Amazon Managed Grafana](https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html) .\n\n*Allowed Values* : `AWS_SSO | SAML`", "title": "AuthenticationProviders", "type": "array" }, @@ -161648,6 +161940,12 @@ "title": "DefaultLogLevel", "type": "string" }, + "EventConfigurations": { + "items": { + "$ref": "#/definitions/AWS::IoT::Logging.EventConfiguration" + }, + "type": "array" + }, "RoleArn": { "markdownDescription": "The role ARN used for the log.", "title": "RoleArn", @@ -161682,6 +161980,24 @@ ], "type": "object" }, + "AWS::IoT::Logging.EventConfiguration": { + "additionalProperties": false, + "properties": { + "EventType": { + "type": "string" + }, + "LogDestination": { + "type": "string" + }, + "LogLevel": { + "type": "string" + } + }, + "required": [ + "EventType" + ], + "type": "object" + }, "AWS::IoT::MitigationAction": { "additionalProperties": false, "properties": { @@ -171055,7 +171371,7 @@ "type": "string" }, "PortalAuthMode": { - "markdownDescription": "The service to use to authenticate users to the portal. Choose from the following options:\n\n- `SSO` \u2013 The portal uses AWS IAM Identity Center to authenticate users and manage user permissions. Before you can create a portal that uses IAM Identity Center, you must enable IAM Identity Center. For more information, see [Enabling IAM Identity Center](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso) in the *AWS IoT SiteWise User Guide* . This option is only available in AWS Regions other than the China Regions.\n- `IAM` \u2013 The portal uses AWS Identity and Access Management to authenticate users and manage user permissions.\n\nYou can't change this value after you create a portal.\n\nDefault: `SSO`", + "markdownDescription": "The service to use to authenticate users to the portal. Choose from the following options:\n\n- `SSO` \u2013 The portal uses SSOlong to authenticate users and manage user permissions. Before you can create a portal that uses IAM Identity Center, you must enable IAM Identity Center. For more information, see [Enabling IAM Identity Center](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso) in the *AWS IoT SiteWise User Guide* . This option is only available in AWS Regions other than the China Regions.\n- `IAM` \u2013 The portal uses AWS Identity and Access Management to authenticate users and manage user permissions.\n\nYou can't change this value after you create a portal.\n\nDefault: `SSO`", "title": "PortalAuthMode", "type": "string" }, @@ -174934,6 +175250,7 @@ } }, "required": [ + "McuCount", "WorkerCount" ], "type": "object" @@ -194286,7 +194603,7 @@ "properties": { "IamIdentityCenter": { "$ref": "#/definitions/AWS::MPA::IdentitySource.IamIdentityCenter", - "markdownDescription": "AWS IAM Identity Center credentials.", + "markdownDescription": "SSOlong credentials.", "title": "IamIdentityCenter" } }, @@ -196072,6 +196389,175 @@ }, "type": "object" }, + "AWS::MWAAServerless::Workflow": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "DefinitionS3Location": { + "$ref": "#/definitions/AWS::MWAAServerless::Workflow.S3Location" + }, + "Description": { + "type": "string" + }, + "EncryptionConfiguration": { + "$ref": "#/definitions/AWS::MWAAServerless::Workflow.EncryptionConfiguration" + }, + "LoggingConfiguration": { + "$ref": "#/definitions/AWS::MWAAServerless::Workflow.LoggingConfiguration" + }, + "Name": { + "type": "string" + }, + "NetworkConfiguration": { + "$ref": "#/definitions/AWS::MWAAServerless::Workflow.NetworkConfiguration" + }, + "RoleArn": { + "type": "string" + }, + "Tags": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "TriggerMode": { + "type": "string" + } + }, + "required": [ + "DefinitionS3Location", + "RoleArn" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::MWAAServerless::Workflow" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::MWAAServerless::Workflow.EncryptionConfiguration": { + "additionalProperties": false, + "properties": { + "KmsKeyId": { + "type": "string" + }, + "Type": { + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::MWAAServerless::Workflow.LoggingConfiguration": { + "additionalProperties": false, + "properties": { + "LogGroupName": { + "type": "string" + } + }, + "required": [ + "LogGroupName" + ], + "type": "object" + }, + "AWS::MWAAServerless::Workflow.NetworkConfiguration": { + "additionalProperties": false, + "properties": { + "SecurityGroupIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SubnetIds": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::MWAAServerless::Workflow.S3Location": { + "additionalProperties": false, + "properties": { + "Bucket": { + "type": "string" + }, + "ObjectKey": { + "type": "string" + }, + "VersionId": { + "type": "string" + } + }, + "required": [ + "Bucket", + "ObjectKey" + ], + "type": "object" + }, + "AWS::MWAAServerless::Workflow.ScheduleConfiguration": { + "additionalProperties": false, + "properties": { + "CronExpression": { + "type": "string" + } + }, + "type": "object" + }, "AWS::Macie::AllowList": { "additionalProperties": false, "properties": { @@ -200934,6 +201420,9 @@ "markdownDescription": "The input specification for this channel. It specifies the key characteristics of the inputs for this channel: the maximum bitrate, the resolution, and the codec.", "title": "InputSpecification" }, + "LinkedChannelSettings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.LinkedChannelSettings" + }, "LogLevel": { "markdownDescription": "The verbosity for logging activity for this channel. Charges for logging (which are generated through Amazon CloudWatch Logging) are higher for higher verbosities.", "title": "LogLevel", @@ -202952,6 +203441,18 @@ }, "type": "object" }, + "AWS::MediaLive::Channel.FollowerChannelSettings": { + "additionalProperties": false, + "properties": { + "LinkedChannelType": { + "type": "string" + }, + "PrimaryChannelArn": { + "type": "string" + } + }, + "type": "object" + }, "AWS::MediaLive::Channel.FrameCaptureCdnSettings": { "additionalProperties": false, "properties": { @@ -204318,6 +204819,18 @@ }, "type": "object" }, + "AWS::MediaLive::Channel.LinkedChannelSettings": { + "additionalProperties": false, + "properties": { + "FollowerChannelSettings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.FollowerChannelSettings" + }, + "PrimaryChannelSettings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.PrimaryChannelSettings" + } + }, + "type": "object" + }, "AWS::MediaLive::Channel.M2tsSettings": { "additionalProperties": false, "properties": { @@ -205612,7 +206125,20 @@ }, "AWS::MediaLive::Channel.PipelineLockingSettings": { "additionalProperties": false, - "properties": {}, + "properties": { + "PipelineLockingMethod": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::MediaLive::Channel.PrimaryChannelSettings": { + "additionalProperties": false, + "properties": { + "LinkedChannelType": { + "type": "string" + } + }, "type": "object" }, "AWS::MediaLive::Channel.RawSettings": { @@ -219871,7 +220397,7 @@ "additionalProperties": false, "properties": { "Filter": { - "markdownDescription": "When used in `MetricConfiguration` this field specifies which metric namespaces are to be shared with the monitoring account\n\nWhen used in `LogGroupConfiguration` this field specifies which log groups are to share their log events with the monitoring account. Use the term `LogGroupName` and one or more of the following operands.\n\nUse single quotation marks (') around log group names and metric namespaces.\n\nThe matching of log group names and metric namespaces is case sensitive. Each filter has a limit of five conditional operands. Conditional operands are `AND` and `OR` .\n\n- `=` and `!=`\n- `AND`\n- `OR`\n- `LIKE` and `NOT LIKE` . These can be used only as prefix searches. Include a `%` at the end of the string that you want to search for and include.\n- `IN` and `NOT IN` , using parentheses `( )`\n\nExamples:\n\n- `Namespace NOT LIKE 'AWS/%'` includes only namespaces that don't start with `AWS/` , such as custom namespaces.\n- `Namespace IN ('AWS/EC2', 'AWS/ELB', 'AWS/S3')` includes only the metrics in the EC2, ELB , and Amazon S3 namespaces.\n- `Namespace = 'AWS/EC2' OR Namespace NOT LIKE 'AWS/%'` includes only the EC2 namespace and your custom namespaces.\n- `LogGroupName IN ('This-Log-Group', 'Other-Log-Group')` includes only the log groups with names `This-Log-Group` and `Other-Log-Group` .\n- `LogGroupName NOT IN ('Private-Log-Group', 'Private-Log-Group-2')` includes all log groups except the log groups with names `Private-Log-Group` and `Private-Log-Group-2` .\n- `LogGroupName LIKE 'aws/lambda/%' OR LogGroupName LIKE 'AWSLogs%'` includes all log groups that have names that start with `aws/lambda/` or `AWSLogs` .\n\n> If you are updating a link that uses filters, you can specify `*` as the only value for the `filter` parameter to delete the filter and share all log groups with the monitoring account.", + "markdownDescription": "When used in `MetricConfiguration` this field specifies which metric namespaces are to be shared with the monitoring account\n\nWhen used in `LogGroupConfiguration` this field specifies which log groups are to share their log events with the monitoring account. Use the term `LogGroupName` and one or more of the following operands.\n\nUse single quotation marks (') around log group names and metric namespaces.\n\nThe matching of log group names and metric namespaces is case sensitive. Each filter has a limit of five conditional operands. Conditional operands are `AND` and `OR` .\n\n- `=` and `!=`\n- `AND`\n- `OR`\n- `LIKE` and `NOT LIKE` . These can be used only as prefix searches. Include a `%` at the end of the string that you want to search for and include.\n- `IN` and `NOT IN` , using parentheses `( )`\n\nExamples:\n\n- `Namespace NOT LIKE 'AWS/%'` includes only namespaces that don't start with `AWS/` , such as custom namespaces.\n- `Namespace IN ('AWS/EC2', 'AWS/ELB', 'AWS/S3')` includes only the metrics in the EC2, Elastic Load Balancing , and Amazon S3 namespaces.\n- `Namespace = 'AWS/EC2' OR Namespace NOT LIKE 'AWS/%'` includes only the EC2 namespace and your custom namespaces.\n- `LogGroupName IN ('This-Log-Group', 'Other-Log-Group')` includes only the log groups with names `This-Log-Group` and `Other-Log-Group` .\n- `LogGroupName NOT IN ('Private-Log-Group', 'Private-Log-Group-2')` includes all log groups except the log groups with names `Private-Log-Group` and `Private-Log-Group-2` .\n- `LogGroupName LIKE 'aws/lambda/%' OR LogGroupName LIKE 'AWSLogs%'` includes all log groups that have names that start with `aws/lambda/` or `AWSLogs` .\n\n> If you are updating a link that uses filters, you can specify `*` as the only value for the `filter` parameter to delete the filter and share all log groups with the monitoring account.", "title": "Filter", "type": "string" } @@ -222726,11 +223252,17 @@ "Properties": { "additionalProperties": false, "properties": { + "CollectionGroupName": { + "type": "string" + }, "Description": { "markdownDescription": "A description of the collection.", "title": "Description", "type": "string" }, + "EncryptionConfig": { + "$ref": "#/definitions/AWS::OpenSearchServerless::Collection.EncryptionConfig" + }, "Name": { "markdownDescription": "The name of the collection.\n\nCollection names must meet the following criteria:\n\n- Starts with a lowercase letter\n- Unique to your account and AWS Region\n- Contains between 3 and 28 characters\n- Contains only lowercase letters a-z, the numbers 0-9, and the hyphen (-)", "title": "Name", @@ -222781,6 +223313,18 @@ ], "type": "object" }, + "AWS::OpenSearchServerless::Collection.EncryptionConfig": { + "additionalProperties": false, + "properties": { + "AWSOwnedKey": { + "type": "boolean" + }, + "KmsKeyArn": { + "type": "string" + } + }, + "type": "object" + }, "AWS::OpenSearchServerless::Index": { "additionalProperties": false, "properties": { @@ -237470,6 +238014,334 @@ }, "type": "object" }, + "AWS::QuickSight::ActionConnector": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ActionConnectorId": { + "type": "string" + }, + "AuthenticationConfig": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.AuthConfig" + }, + "AwsAccountId": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Permissions": { + "items": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.ResourcePermission" + }, + "type": "array" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "Type": { + "type": "string" + }, + "VpcConnectionArn": { + "type": "string" + } + }, + "required": [ + "ActionConnectorId", + "AwsAccountId", + "Name", + "Type" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::QuickSight::ActionConnector" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.APIKeyConnectionMetadata": { + "additionalProperties": false, + "properties": { + "ApiKey": { + "type": "string" + }, + "BaseEndpoint": { + "type": "string" + }, + "Email": { + "type": "string" + } + }, + "required": [ + "ApiKey", + "BaseEndpoint" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.AuthConfig": { + "additionalProperties": false, + "properties": { + "AuthenticationMetadata": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.AuthenticationMetadata" + }, + "AuthenticationType": { + "type": "string" + } + }, + "required": [ + "AuthenticationMetadata", + "AuthenticationType" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.AuthenticationMetadata": { + "additionalProperties": false, + "properties": { + "ApiKeyConnectionMetadata": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.APIKeyConnectionMetadata" + }, + "AuthorizationCodeGrantMetadata": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.AuthorizationCodeGrantMetadata" + }, + "BasicAuthConnectionMetadata": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.BasicAuthConnectionMetadata" + }, + "ClientCredentialsGrantMetadata": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.ClientCredentialsGrantMetadata" + }, + "IamConnectionMetadata": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.IAMConnectionMetadata" + }, + "NoneConnectionMetadata": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.NoneConnectionMetadata" + } + }, + "type": "object" + }, + "AWS::QuickSight::ActionConnector.AuthorizationCodeGrantCredentialsDetails": { + "additionalProperties": false, + "properties": { + "AuthorizationCodeGrantDetails": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.AuthorizationCodeGrantDetails" + } + }, + "required": [ + "AuthorizationCodeGrantDetails" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.AuthorizationCodeGrantDetails": { + "additionalProperties": false, + "properties": { + "AuthorizationEndpoint": { + "type": "string" + }, + "ClientId": { + "type": "string" + }, + "ClientSecret": { + "type": "string" + }, + "TokenEndpoint": { + "type": "string" + } + }, + "required": [ + "AuthorizationEndpoint", + "ClientId", + "ClientSecret", + "TokenEndpoint" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.AuthorizationCodeGrantMetadata": { + "additionalProperties": false, + "properties": { + "AuthorizationCodeGrantCredentialsDetails": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.AuthorizationCodeGrantCredentialsDetails" + }, + "AuthorizationCodeGrantCredentialsSource": { + "type": "string" + }, + "BaseEndpoint": { + "type": "string" + }, + "RedirectUrl": { + "type": "string" + } + }, + "required": [ + "BaseEndpoint", + "RedirectUrl" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.BasicAuthConnectionMetadata": { + "additionalProperties": false, + "properties": { + "BaseEndpoint": { + "type": "string" + }, + "Password": { + "type": "string" + }, + "Username": { + "type": "string" + } + }, + "required": [ + "BaseEndpoint", + "Password", + "Username" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.ClientCredentialsDetails": { + "additionalProperties": false, + "properties": { + "ClientCredentialsGrantDetails": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.ClientCredentialsGrantDetails" + } + }, + "required": [ + "ClientCredentialsGrantDetails" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.ClientCredentialsGrantDetails": { + "additionalProperties": false, + "properties": { + "ClientId": { + "type": "string" + }, + "ClientSecret": { + "type": "string" + }, + "TokenEndpoint": { + "type": "string" + } + }, + "required": [ + "ClientId", + "ClientSecret", + "TokenEndpoint" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.ClientCredentialsGrantMetadata": { + "additionalProperties": false, + "properties": { + "BaseEndpoint": { + "type": "string" + }, + "ClientCredentialsDetails": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.ClientCredentialsDetails" + }, + "ClientCredentialsSource": { + "type": "string" + } + }, + "required": [ + "BaseEndpoint" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.IAMConnectionMetadata": { + "additionalProperties": false, + "properties": { + "RoleArn": { + "type": "string" + } + }, + "required": [ + "RoleArn" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.NoneConnectionMetadata": { + "additionalProperties": false, + "properties": { + "BaseEndpoint": { + "type": "string" + } + }, + "required": [ + "BaseEndpoint" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.ResourcePermission": { + "additionalProperties": false, + "properties": { + "Actions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Principal": { + "type": "string" + } + }, + "required": [ + "Actions", + "Principal" + ], + "type": "object" + }, "AWS::QuickSight::Analysis": { "additionalProperties": false, "properties": { @@ -294437,7 +295309,7 @@ "additionalProperties": false, "properties": { "Channel": { - "markdownDescription": "The specified channel of notification. IAM Roles Anywhere uses CloudWatch metrics, EventBridge, and AWS Health Dashboard to notify for an event.\n\n> In the absence of a specific channel, IAM Roles Anywhere applies this setting to 'ALL' channels.", + "markdownDescription": "The specified channel of notification. IAM Roles Anywhere uses CloudWatch metrics, EventBridge, and Health Dashboard to notify for an event.\n\n> In the absence of a specific channel, IAM Roles Anywhere applies this setting to 'ALL' channels.", "title": "Channel", "type": "string" }, @@ -311848,7 +312720,7 @@ "additionalProperties": false, "properties": { "InstanceArn": { - "markdownDescription": "The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .", + "markdownDescription": "The ARN of the instance under which the operation will be executed. For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .", "title": "InstanceArn", "type": "string" }, @@ -312019,12 +312891,12 @@ "items": { "$ref": "#/definitions/AWS::SSO::InstanceAccessControlAttributeConfiguration.AccessControlAttribute" }, - "markdownDescription": "Lists the attributes that are configured for ABAC in the specified IAM Identity Center instance.", + "markdownDescription": "Lists the attributes that are configured for ABAC in the specified instance.", "title": "AccessControlAttributes", "type": "array" }, "InstanceArn": { - "markdownDescription": "The ARN of the IAM Identity Center instance under which the operation will be executed.", + "markdownDescription": "The ARN of the instance under which the operation will be executed.", "title": "InstanceArn", "type": "string" } @@ -312059,7 +312931,7 @@ "additionalProperties": false, "properties": { "Key": { - "markdownDescription": "The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in IAM Identity Center .", + "markdownDescription": "The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in .", "title": "Key", "type": "string" }, @@ -312082,7 +312954,7 @@ "items": { "type": "string" }, - "markdownDescription": "The identity source to use when mapping a specified attribute to IAM Identity Center .", + "markdownDescription": "The identity source to use when mapping a specified attribute to .", "title": "Source", "type": "array" } @@ -312146,7 +313018,7 @@ "type": "object" }, "InstanceArn": { - "markdownDescription": "The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .", + "markdownDescription": "The ARN of the instance under which the operation will be executed. For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .", "title": "InstanceArn", "type": "string" }, @@ -323617,12 +324489,12 @@ "type": "string" }, "SingleSignOnUserIdentifier": { - "markdownDescription": "A specifier for the type of value specified in SingleSignOnUserValue. Currently, the only supported value is \"UserName\". If the Domain's AuthMode is IAM Identity Center , this field is required. If the Domain's AuthMode is not IAM Identity Center , this field cannot be specified.", + "markdownDescription": "A specifier for the type of value specified in SingleSignOnUserValue. Currently, the only supported value is \"UserName\". If the Domain's AuthMode is SSO , this field is required. If the Domain's AuthMode is not SSO , this field cannot be specified.", "title": "SingleSignOnUserIdentifier", "type": "string" }, "SingleSignOnUserValue": { - "markdownDescription": "The username of the associated AWS Single Sign-On User for this UserProfile. If the Domain's AuthMode is IAM Identity Center , this field is required, and must match a valid username of a user in your directory. If the Domain's AuthMode is not IAM Identity Center , this field cannot be specified.", + "markdownDescription": "The username of the associated AWS Single Sign-On User for this UserProfile. If the Domain's AuthMode is SSO , this field is required, and must match a valid username of a user in your directory. If the Domain's AuthMode is not SSO , this field cannot be specified.", "title": "SingleSignOnUserValue", "type": "string" }, @@ -349479,7 +350351,7 @@ "type": "object" }, "AuthenticationType": { - "markdownDescription": "The type of authentication integration points used when signing into the web portal. Defaults to `Standard` .\n\n`Standard` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser\u2019s SP metadata with your IdP\u2019s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps:\n\n1. Create and deploy a CloudFormation template with a `Standard` portal with no `IdentityProvider` resource.\n\n2. Retrieve the SP metadata using `Fn:GetAtt` , the WorkSpaces Secure Browser console, or by the calling the `GetPortalServiceProviderMetadata` API.\n\n3. Submit the data to your IdP.\n\n4. Add an `IdentityProvider` resource to your CloudFormation template.\n\n`IAM Identity Center` web portals are authenticated through AWS IAM Identity Center . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in IAM Identity Center . User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.", + "markdownDescription": "The type of authentication integration points used when signing into the web portal. Defaults to `Standard` .\n\n`Standard` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser\u2019s SP metadata with your IdP\u2019s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps:\n\n1. Create and deploy a CloudFormation template with a `Standard` portal with no `IdentityProvider` resource.\n\n2. Retrieve the SP metadata using `Fn:GetAtt` , the WorkSpaces Secure Browser console, or by the calling the `GetPortalServiceProviderMetadata` API.\n\n3. Submit the data to your IdP.\n\n4. Add an `IdentityProvider` resource to your CloudFormation template.\n\n`SSO` web portals are authenticated through SSOlong . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in SSO . User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.", "title": "AuthenticationType", "type": "string" }, @@ -360270,6 +361142,9 @@ { "$ref": "#/definitions/AWS::Backup::RestoreTestingSelection" }, + { + "$ref": "#/definitions/AWS::Backup::TieringConfiguration" + }, { "$ref": "#/definitions/AWS::BackupGateway::Hypervisor" }, @@ -362658,6 +363533,9 @@ { "$ref": "#/definitions/AWS::MWAA::Environment" }, + { + "$ref": "#/definitions/AWS::MWAAServerless::Workflow" + }, { "$ref": "#/definitions/AWS::Macie::AllowList" }, @@ -363240,6 +364118,9 @@ { "$ref": "#/definitions/AWS::QLDB::Stream" }, + { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector" + }, { "$ref": "#/definitions/AWS::QuickSight::Analysis" }, diff --git a/schema_source/cloudformation-docs.json b/schema_source/cloudformation-docs.json index 95b19dae1..95d9348a5 100644 --- a/schema_source/cloudformation-docs.json +++ b/schema_source/cloudformation-docs.json @@ -10258,7 +10258,7 @@ "ECSServices": "The target Amazon ECS services in the deployment group. This applies only to deployment groups that use the Amazon ECS compute platform. A target Amazon ECS service is specified as an Amazon ECS cluster and service name pair using the format `:` .", "Ec2TagFilters": "The Amazon EC2 tags that are already applied to Amazon EC2 instances that you want to include in the deployment group. CodeDeploy includes all Amazon EC2 instances identified by any of the tags you specify in this deployment group. Duplicates are not allowed.\n\nYou can specify `EC2TagFilters` or `Ec2TagSet` , but not both.", "Ec2TagSet": "Information about groups of tags applied to Amazon EC2 instances. The deployment group includes only Amazon EC2 instances identified by all the tag groups. Cannot be used in the same call as `ec2TagFilter` .", - "LoadBalancerInfo": "Information about the load balancer to use in a deployment. For more information, see [Integrating CodeDeploy with ELB](https://docs.aws.amazon.com/codedeploy/latest/userguide/integrations-aws-elastic-load-balancing.html) in the *AWS CodeDeploy User Guide* .", + "LoadBalancerInfo": "Information about the load balancer to use in a deployment. For more information, see [Integrating CodeDeploy with Elastic Load Balancing](https://docs.aws.amazon.com/codedeploy/latest/userguide/integrations-aws-elastic-load-balancing.html) in the *AWS CodeDeploy User Guide* .", "OnPremisesInstanceTagFilters": "The on-premises instance tags already applied to on-premises instances that you want to include in the deployment group. CodeDeploy includes all on-premises instances identified by any of the tags you specify in this deployment group. To register on-premises instances with CodeDeploy , see [Working with On-Premises Instances for CodeDeploy](https://docs.aws.amazon.com/codedeploy/latest/userguide/instances-on-premises.html) in the *AWS CodeDeploy User Guide* . Duplicates are not allowed.\n\nYou can specify `OnPremisesInstanceTagFilters` or `OnPremisesInstanceTagSet` , but not both.", "OnPremisesTagSet": "Information about groups of tags applied to on-premises instances. The deployment group includes only on-premises instances identified by all the tag groups.\n\nYou can specify `OnPremisesInstanceTagFilters` or `OnPremisesInstanceTagSet` , but not both.", "OutdatedInstancesStrategy": "Indicates what happens when new Amazon EC2 instances are launched mid-deployment and do not receive the deployed application revision.\n\nIf this option is set to `UPDATE` or is unspecified, CodeDeploy initiates one or more 'auto-update outdated instances' deployments to apply the deployed application revision to the new Amazon EC2 instances.\n\nIf this option is set to `IGNORE` , CodeDeploy does not initiate a deployment to update the new Amazon EC2 instances. This may result in instances having different revisions.", @@ -19848,7 +19848,7 @@ "Value": "The value part of the identified key." }, "AWS::EMR::Studio": { - "AuthMode": "Specifies whether the Studio authenticates users using IAM Identity Center or IAM.", + "AuthMode": "Specifies whether the Studio authenticates users using SSO or IAM.", "DefaultS3Location": "The Amazon S3 location to back up EMR Studio Workspaces and notebook files.", "Description": "A detailed description of the Amazon EMR Studio.", "EncryptionKeyArn": "The AWS key identifier (ARN) used to encrypt Amazon EMR Studio workspace and notebook files when backed up to Amazon S3.", @@ -19871,7 +19871,7 @@ "Value": "A user-defined value, which is optional in a tag. For more information, see [Tag Clusters](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-tags.html) ." }, "AWS::EMR::StudioSessionMapping": { - "IdentityName": "The name of the user or group. For more information, see [UserName](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_User.html#singlesignon-Type-User-UserName) and [DisplayName](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_Group.html#singlesignon-Type-Group-DisplayName) in the *IAM Identity Center Identity Store API Reference* .", + "IdentityName": "The name of the user or group. For more information, see [UserName](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_User.html#singlesignon-Type-User-UserName) and [DisplayName](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_Group.html#singlesignon-Type-Group-DisplayName) in the *Identity Store API Reference* .", "IdentityType": "Specifies whether the identity to map to the Amazon EMR Studio is a user or a group.", "SessionPolicyArn": "The Amazon Resource Name (ARN) for the session policy that will be applied to the user or group. Session policies refine Studio user permissions without the need to use multiple IAM user roles. For more information, see [Create an EMR Studio user role with session policies](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-studio-user-role.html) in the *Amazon EMR Management Guide* .", "StudioId": "The ID of the Amazon EMR Studio to which the user or group will be mapped." @@ -23371,7 +23371,7 @@ }, "AWS::Grafana::Workspace": { "AccountAccessType": "Specifies whether the workspace can access AWS resources in this AWS account only, or whether it can also access AWS resources in other accounts in the same organization. If this is `ORGANIZATION` , the `OrganizationalUnits` parameter specifies which organizational units the workspace can access.", - "AuthenticationProviders": "Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center , or both to authenticate users for using the Grafana console within a workspace. For more information, see [User authentication in Amazon Managed Grafana](https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html) .\n\n*Allowed Values* : `AWS_SSO | SAML`", + "AuthenticationProviders": "Specifies whether this workspace uses SAML 2.0, SSOlong , or both to authenticate users for using the Grafana console within a workspace. For more information, see [User authentication in Amazon Managed Grafana](https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html) .\n\n*Allowed Values* : `AWS_SSO | SAML`", "ClientToken": "A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.", "DataSources": "Specifies the AWS data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources.\n\nThis list is only used when the workspace was created through the AWS console, and the `permissionType` is `SERVICE_MANAGED` .", "Description": "The user-defined description of the workspace.", @@ -27274,7 +27274,7 @@ "AWS::IoTSiteWise::Portal": { "Alarms": "Contains the configuration information of an alarm created in an AWS IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. For more information, see [Monitoring with alarms](https://docs.aws.amazon.com/iot-sitewise/latest/appguide/monitor-alarms.html) in the *AWS IoT SiteWise Application Guide* .", "NotificationSenderEmail": "The email address that sends alarm notifications.\n\n> If you use the [AWS IoT Events managed Lambda function](https://docs.aws.amazon.com/iotevents/latest/developerguide/lambda-support.html) to manage your emails, you must [verify the sender email address in Amazon SES](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html) .", - "PortalAuthMode": "The service to use to authenticate users to the portal. Choose from the following options:\n\n- `SSO` \u2013 The portal uses AWS IAM Identity Center to authenticate users and manage user permissions. Before you can create a portal that uses IAM Identity Center, you must enable IAM Identity Center. For more information, see [Enabling IAM Identity Center](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso) in the *AWS IoT SiteWise User Guide* . This option is only available in AWS Regions other than the China Regions.\n- `IAM` \u2013 The portal uses AWS Identity and Access Management to authenticate users and manage user permissions.\n\nYou can't change this value after you create a portal.\n\nDefault: `SSO`", + "PortalAuthMode": "The service to use to authenticate users to the portal. Choose from the following options:\n\n- `SSO` \u2013 The portal uses SSOlong to authenticate users and manage user permissions. Before you can create a portal that uses IAM Identity Center, you must enable IAM Identity Center. For more information, see [Enabling IAM Identity Center](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso) in the *AWS IoT SiteWise User Guide* . This option is only available in AWS Regions other than the China Regions.\n- `IAM` \u2013 The portal uses AWS Identity and Access Management to authenticate users and manage user permissions.\n\nYou can't change this value after you create a portal.\n\nDefault: `SSO`", "PortalContactEmail": "The AWS administrator's contact email address.", "PortalDescription": "A description for the portal.", "PortalName": "A friendly name for the portal.", @@ -31379,7 +31379,7 @@ "Region": "AWS Region where the IAM Identity Center instance is located." }, "AWS::MPA::IdentitySource IdentitySourceParameters": { - "IamIdentityCenter": "AWS IAM Identity Center credentials." + "IamIdentityCenter": "SSOlong credentials." }, "AWS::MPA::IdentitySource Tag": { "Key": "One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.", @@ -35625,7 +35625,7 @@ "MetricConfiguration": "Use this structure to filter which metric namespaces are to be shared from the source account to the monitoring account." }, "AWS::Oam::Link LinkFilter": { - "Filter": "When used in `MetricConfiguration` this field specifies which metric namespaces are to be shared with the monitoring account\n\nWhen used in `LogGroupConfiguration` this field specifies which log groups are to share their log events with the monitoring account. Use the term `LogGroupName` and one or more of the following operands.\n\nUse single quotation marks (') around log group names and metric namespaces.\n\nThe matching of log group names and metric namespaces is case sensitive. Each filter has a limit of five conditional operands. Conditional operands are `AND` and `OR` .\n\n- `=` and `!=`\n- `AND`\n- `OR`\n- `LIKE` and `NOT LIKE` . These can be used only as prefix searches. Include a `%` at the end of the string that you want to search for and include.\n- `IN` and `NOT IN` , using parentheses `( )`\n\nExamples:\n\n- `Namespace NOT LIKE 'AWS/%'` includes only namespaces that don't start with `AWS/` , such as custom namespaces.\n- `Namespace IN ('AWS/EC2', 'AWS/ELB', 'AWS/S3')` includes only the metrics in the EC2, ELB , and Amazon S3 namespaces.\n- `Namespace = 'AWS/EC2' OR Namespace NOT LIKE 'AWS/%'` includes only the EC2 namespace and your custom namespaces.\n- `LogGroupName IN ('This-Log-Group', 'Other-Log-Group')` includes only the log groups with names `This-Log-Group` and `Other-Log-Group` .\n- `LogGroupName NOT IN ('Private-Log-Group', 'Private-Log-Group-2')` includes all log groups except the log groups with names `Private-Log-Group` and `Private-Log-Group-2` .\n- `LogGroupName LIKE 'aws/lambda/%' OR LogGroupName LIKE 'AWSLogs%'` includes all log groups that have names that start with `aws/lambda/` or `AWSLogs` .\n\n> If you are updating a link that uses filters, you can specify `*` as the only value for the `filter` parameter to delete the filter and share all log groups with the monitoring account." + "Filter": "When used in `MetricConfiguration` this field specifies which metric namespaces are to be shared with the monitoring account\n\nWhen used in `LogGroupConfiguration` this field specifies which log groups are to share their log events with the monitoring account. Use the term `LogGroupName` and one or more of the following operands.\n\nUse single quotation marks (') around log group names and metric namespaces.\n\nThe matching of log group names and metric namespaces is case sensitive. Each filter has a limit of five conditional operands. Conditional operands are `AND` and `OR` .\n\n- `=` and `!=`\n- `AND`\n- `OR`\n- `LIKE` and `NOT LIKE` . These can be used only as prefix searches. Include a `%` at the end of the string that you want to search for and include.\n- `IN` and `NOT IN` , using parentheses `( )`\n\nExamples:\n\n- `Namespace NOT LIKE 'AWS/%'` includes only namespaces that don't start with `AWS/` , such as custom namespaces.\n- `Namespace IN ('AWS/EC2', 'AWS/ELB', 'AWS/S3')` includes only the metrics in the EC2, Elastic Load Balancing , and Amazon S3 namespaces.\n- `Namespace = 'AWS/EC2' OR Namespace NOT LIKE 'AWS/%'` includes only the EC2 namespace and your custom namespaces.\n- `LogGroupName IN ('This-Log-Group', 'Other-Log-Group')` includes only the log groups with names `This-Log-Group` and `Other-Log-Group` .\n- `LogGroupName NOT IN ('Private-Log-Group', 'Private-Log-Group-2')` includes all log groups except the log groups with names `Private-Log-Group` and `Private-Log-Group-2` .\n- `LogGroupName LIKE 'aws/lambda/%' OR LogGroupName LIKE 'AWSLogs%'` includes all log groups that have names that start with `aws/lambda/` or `AWSLogs` .\n\n> If you are updating a link that uses filters, you can specify `*` as the only value for the `filter` parameter to delete the filter and share all log groups with the monitoring account." }, "AWS::Oam::Sink": { "Name": "A name for the sink.", @@ -49641,7 +49641,7 @@ "Tags": "The tags to attach to the trust anchor." }, "AWS::RolesAnywhere::TrustAnchor NotificationSetting": { - "Channel": "The specified channel of notification. IAM Roles Anywhere uses CloudWatch metrics, EventBridge, and AWS Health Dashboard to notify for an event.\n\n> In the absence of a specific channel, IAM Roles Anywhere applies this setting to 'ALL' channels.", + "Channel": "The specified channel of notification. IAM Roles Anywhere uses CloudWatch metrics, EventBridge, and Health Dashboard to notify for an event.\n\n> In the absence of a specific channel, IAM Roles Anywhere applies this setting to 'ALL' channels.", "Enabled": "Indicates whether the notification setting is enabled.", "Event": "The event to which this notification setting is applied.", "Threshold": "The number of days before a notification event. This value is required for a notification setting that is enabled." @@ -52171,7 +52171,7 @@ "PrincipalType": "The type of the principal assigned to the application." }, "AWS::SSO::Assignment": { - "InstanceArn": "The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .", + "InstanceArn": "The ARN of the instance under which the operation will be executed. For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .", "PermissionSetArn": "The ARN of the permission set.", "PrincipalId": "An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the [IAM Identity Center Identity Store API Reference](https://docs.aws.amazon.com//singlesignon/latest/IdentityStoreAPIReference/welcome.html) .", "PrincipalType": "The entity type for which the assignment will be created.", @@ -52187,21 +52187,21 @@ "Value": "The value of the tag." }, "AWS::SSO::InstanceAccessControlAttributeConfiguration": { - "AccessControlAttributes": "Lists the attributes that are configured for ABAC in the specified IAM Identity Center instance.", - "InstanceArn": "The ARN of the IAM Identity Center instance under which the operation will be executed." + "AccessControlAttributes": "Lists the attributes that are configured for ABAC in the specified instance.", + "InstanceArn": "The ARN of the instance under which the operation will be executed." }, "AWS::SSO::InstanceAccessControlAttributeConfiguration AccessControlAttribute": { - "Key": "The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in IAM Identity Center .", + "Key": "The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in .", "Value": "The value used for mapping a specified attribute to an identity source." }, "AWS::SSO::InstanceAccessControlAttributeConfiguration AccessControlAttributeValue": { - "Source": "The identity source to use when mapping a specified attribute to IAM Identity Center ." + "Source": "The identity source to use when mapping a specified attribute to ." }, "AWS::SSO::PermissionSet": { "CustomerManagedPolicyReferences": "Specifies the names and paths of the customer managed policies that you have attached to your permission set.", "Description": "The description of the `PermissionSet` .", "InlinePolicy": "The inline policy that is attached to the permission set.\n\n> For `Length Constraints` , if a valid ARN is provided for a permission set, it is possible for an empty inline policy to be returned.", - "InstanceArn": "The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .", + "InstanceArn": "The ARN of the instance under which the operation will be executed. For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .", "ManagedPolicies": "A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy.", "Name": "The name of the permission set.", "PermissionsBoundary": "Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either `CustomerManagedPolicyReference` to use the name and path of a customer managed policy, or `ManagedPolicyArn` to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* .\n\n> Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see [IAM JSON policy evaluation logic](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html) in the *IAM User Guide* .", @@ -54262,8 +54262,8 @@ }, "AWS::SageMaker::UserProfile": { "DomainId": "The domain ID.", - "SingleSignOnUserIdentifier": "A specifier for the type of value specified in SingleSignOnUserValue. Currently, the only supported value is \"UserName\". If the Domain's AuthMode is IAM Identity Center , this field is required. If the Domain's AuthMode is not IAM Identity Center , this field cannot be specified.", - "SingleSignOnUserValue": "The username of the associated AWS Single Sign-On User for this UserProfile. If the Domain's AuthMode is IAM Identity Center , this field is required, and must match a valid username of a user in your directory. If the Domain's AuthMode is not IAM Identity Center , this field cannot be specified.", + "SingleSignOnUserIdentifier": "A specifier for the type of value specified in SingleSignOnUserValue. Currently, the only supported value is \"UserName\". If the Domain's AuthMode is SSO , this field is required. If the Domain's AuthMode is not SSO , this field cannot be specified.", + "SingleSignOnUserValue": "The username of the associated AWS Single Sign-On User for this UserProfile. If the Domain's AuthMode is SSO , this field is required, and must match a valid username of a user in your directory. If the Domain's AuthMode is not SSO , this field cannot be specified.", "Tags": "An array of key-value pairs to apply to this resource.\n\nTags that you specify for the User Profile are also added to all apps that the User Profile launches.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", "UserProfileName": "The user profile name.", "UserSettings": "A collection of settings that apply to users of Amazon SageMaker Studio." @@ -58001,7 +58001,7 @@ }, "AWS::WorkSpacesWeb::Portal": { "AdditionalEncryptionContext": "The additional encryption context of the portal.", - "AuthenticationType": "The type of authentication integration points used when signing into the web portal. Defaults to `Standard` .\n\n`Standard` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser\u2019s SP metadata with your IdP\u2019s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps:\n\n1. Create and deploy a CloudFormation template with a `Standard` portal with no `IdentityProvider` resource.\n\n2. Retrieve the SP metadata using `Fn:GetAtt` , the WorkSpaces Secure Browser console, or by the calling the `GetPortalServiceProviderMetadata` API.\n\n3. Submit the data to your IdP.\n\n4. Add an `IdentityProvider` resource to your CloudFormation template.\n\n`IAM Identity Center` web portals are authenticated through AWS IAM Identity Center . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in IAM Identity Center . User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.", + "AuthenticationType": "The type of authentication integration points used when signing into the web portal. Defaults to `Standard` .\n\n`Standard` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser\u2019s SP metadata with your IdP\u2019s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps:\n\n1. Create and deploy a CloudFormation template with a `Standard` portal with no `IdentityProvider` resource.\n\n2. Retrieve the SP metadata using `Fn:GetAtt` , the WorkSpaces Secure Browser console, or by the calling the `GetPortalServiceProviderMetadata` API.\n\n3. Submit the data to your IdP.\n\n4. Add an `IdentityProvider` resource to your CloudFormation template.\n\n`SSO` web portals are authenticated through SSOlong . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in SSO . User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.", "BrowserSettingsArn": "The ARN of the browser settings that is associated with this web portal.", "CustomerManagedKey": "The customer managed key of the web portal.\n\n*Pattern* : `^arn:[\\w+=\\/,.@-]+:kms:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:key\\/[a-zA-Z0-9-]+$`", "DataProtectionSettingsArn": "The ARN of the data protection settings.", diff --git a/schema_source/cloudformation.schema.json b/schema_source/cloudformation.schema.json index b39a8c19f..32049e3c3 100644 --- a/schema_source/cloudformation.schema.json +++ b/schema_source/cloudformation.schema.json @@ -31429,6 +31429,12 @@ "markdownDescription": "An array of `BackupRule` objects, each of which specifies a scheduled task that is used to back up a selection of resources.", "title": "BackupPlanRule", "type": "array" + }, + "ScanSettings": { + "items": { + "$ref": "#/definitions/AWS::Backup::BackupPlan.ScanSettingResourceType" + }, + "type": "array" } }, "required": [ @@ -31487,6 +31493,12 @@ "title": "RuleName", "type": "string" }, + "ScanActions": { + "items": { + "$ref": "#/definitions/AWS::Backup::BackupPlan.ScanActionResourceType" + }, + "type": "array" + }, "ScheduleExpression": { "markdownDescription": "A CRON expression specifying when AWS Backup initiates a backup job.", "title": "ScheduleExpression", @@ -31573,6 +31585,36 @@ }, "type": "object" }, + "AWS::Backup::BackupPlan.ScanActionResourceType": { + "additionalProperties": false, + "properties": { + "MalwareScanner": { + "type": "string" + }, + "ScanMode": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Backup::BackupPlan.ScanSettingResourceType": { + "additionalProperties": false, + "properties": { + "MalwareScanner": { + "type": "string" + }, + "ResourceTypes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ScannerRoleArn": { + "type": "string" + } + }, + "type": "object" + }, "AWS::Backup::BackupSelection": { "additionalProperties": false, "properties": { @@ -32680,6 +32722,114 @@ }, "type": "object" }, + "AWS::Backup::TieringConfiguration": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "BackupVaultName": { + "type": "string" + }, + "ResourceSelection": { + "items": { + "$ref": "#/definitions/AWS::Backup::TieringConfiguration.ResourceSelection" + }, + "type": "array" + }, + "TieringConfigurationName": { + "type": "string" + }, + "TieringConfigurationTags": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "BackupVaultName", + "ResourceSelection", + "TieringConfigurationName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Backup::TieringConfiguration" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Backup::TieringConfiguration.ResourceSelection": { + "additionalProperties": false, + "properties": { + "ResourceType": { + "type": "string" + }, + "Resources": { + "items": { + "type": "string" + }, + "type": "array" + }, + "TieringDownSettingsInDays": { + "type": "number" + } + }, + "required": [ + "ResourceType", + "Resources", + "TieringDownSettingsInDays" + ], + "type": "object" + }, "AWS::BackupGateway::Hypervisor": { "additionalProperties": false, "properties": { @@ -44258,7 +44408,6 @@ } }, "required": [ - "CredentialProviderConfigurations", "Name", "TargetConfiguration" ], @@ -44285,6 +44434,89 @@ ], "type": "object" }, + "AWS::BedrockAgentCore::GatewayTarget.ApiGatewayTargetConfiguration": { + "additionalProperties": false, + "properties": { + "ApiGatewayToolConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::GatewayTarget.ApiGatewayToolConfiguration" + }, + "RestApiId": { + "type": "string" + }, + "Stage": { + "type": "string" + } + }, + "required": [ + "ApiGatewayToolConfiguration", + "RestApiId", + "Stage" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::GatewayTarget.ApiGatewayToolConfiguration": { + "additionalProperties": false, + "properties": { + "ToolFilters": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::GatewayTarget.ApiGatewayToolFilter" + }, + "type": "array" + }, + "ToolOverrides": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::GatewayTarget.ApiGatewayToolOverride" + }, + "type": "array" + } + }, + "required": [ + "ToolFilters" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::GatewayTarget.ApiGatewayToolFilter": { + "additionalProperties": false, + "properties": { + "FilterPath": { + "type": "string" + }, + "Methods": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "FilterPath", + "Methods" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::GatewayTarget.ApiGatewayToolOverride": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "Method": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Path": { + "type": "string" + } + }, + "required": [ + "Method", + "Name", + "Path" + ], + "type": "object" + }, "AWS::BedrockAgentCore::GatewayTarget.ApiKeyCredentialProvider": { "additionalProperties": false, "properties": { @@ -44402,6 +44634,9 @@ "AWS::BedrockAgentCore::GatewayTarget.McpTargetConfiguration": { "additionalProperties": false, "properties": { + "ApiGateway": { + "$ref": "#/definitions/AWS::BedrockAgentCore::GatewayTarget.ApiGatewayTargetConfiguration" + }, "Lambda": { "$ref": "#/definitions/AWS::BedrockAgentCore::GatewayTarget.McpLambdaTargetConfiguration", "markdownDescription": "The Lambda MCP configuration for the gateway target.", @@ -57474,6 +57709,12 @@ "markdownDescription": "The name of the key value store.", "title": "Name", "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" } }, "required": [ @@ -63463,7 +63704,7 @@ }, "LoadBalancerInfo": { "$ref": "#/definitions/AWS::CodeDeploy::DeploymentGroup.LoadBalancerInfo", - "markdownDescription": "Information about the load balancer to use in a deployment. For more information, see [Integrating CodeDeploy with ELB](https://docs.aws.amazon.com/codedeploy/latest/userguide/integrations-aws-elastic-load-balancing.html) in the *AWS CodeDeploy User Guide* .", + "markdownDescription": "Information about the load balancer to use in a deployment. For more information, see [Integrating CodeDeploy with Elastic Load Balancing](https://docs.aws.amazon.com/codedeploy/latest/userguide/integrations-aws-elastic-load-balancing.html) in the *AWS CodeDeploy User Guide* .", "title": "LoadBalancerInfo" }, "OnPremisesInstanceTagFilters": { @@ -71875,6 +72116,9 @@ "markdownDescription": "Configuration for language settings of this evaluation form.", "title": "LanguageConfiguration" }, + "ReviewConfiguration": { + "$ref": "#/definitions/AWS::Connect::EvaluationForm.EvaluationReviewConfiguration" + }, "ScoringStrategy": { "$ref": "#/definitions/AWS::Connect::EvaluationForm.ScoringStrategy", "markdownDescription": "A scoring strategy of the evaluation form.", @@ -72561,6 +72805,49 @@ }, "type": "object" }, + "AWS::Connect::EvaluationForm.EvaluationReviewConfiguration": { + "additionalProperties": false, + "properties": { + "EligibilityDays": { + "type": "number" + }, + "ReviewNotificationRecipients": { + "items": { + "$ref": "#/definitions/AWS::Connect::EvaluationForm.EvaluationReviewNotificationRecipient" + }, + "type": "array" + } + }, + "required": [ + "ReviewNotificationRecipients" + ], + "type": "object" + }, + "AWS::Connect::EvaluationForm.EvaluationReviewNotificationRecipient": { + "additionalProperties": false, + "properties": { + "Type": { + "type": "string" + }, + "Value": { + "$ref": "#/definitions/AWS::Connect::EvaluationForm.EvaluationReviewNotificationRecipientValue" + } + }, + "required": [ + "Type", + "Value" + ], + "type": "object" + }, + "AWS::Connect::EvaluationForm.EvaluationReviewNotificationRecipientValue": { + "additionalProperties": false, + "properties": { + "UserId": { + "type": "string" + } + }, + "type": "object" + }, "AWS::Connect::EvaluationForm.MultiSelectQuestionRuleCategoryAutomation": { "additionalProperties": false, "properties": { @@ -115501,6 +115788,9 @@ "title": "Ec2InstanceProfileArn", "type": "string" }, + "FipsEnabled": { + "type": "boolean" + }, "InstanceRequirements": { "$ref": "#/definitions/AWS::ECS::CapacityProvider.InstanceRequirementsRequest", "markdownDescription": "The instance requirements. You can specify:\n\n- The instance types\n- Instance requirements such as vCPU count, memory, network performance, and accelerator specifications\n\nAmazon ECS automatically selects the instances that match the specified criteria.", @@ -115703,6 +115993,7 @@ } }, "required": [ + "SecurityGroups", "Subnets" ], "type": "object" @@ -123845,7 +124136,7 @@ "additionalProperties": false, "properties": { "AuthMode": { - "markdownDescription": "Specifies whether the Studio authenticates users using IAM Identity Center or IAM.", + "markdownDescription": "Specifies whether the Studio authenticates users using SSO or IAM.", "title": "AuthMode", "type": "string" }, @@ -124005,7 +124296,7 @@ "additionalProperties": false, "properties": { "IdentityName": { - "markdownDescription": "The name of the user or group. For more information, see [UserName](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_User.html#singlesignon-Type-User-UserName) and [DisplayName](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_Group.html#singlesignon-Type-Group-DisplayName) in the *IAM Identity Center Identity Store API Reference* .", + "markdownDescription": "The name of the user or group. For more information, see [UserName](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_User.html#singlesignon-Type-User-UserName) and [DisplayName](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_Group.html#singlesignon-Type-Group-DisplayName) in the *Identity Store API Reference* .", "title": "IdentityName", "type": "string" }, @@ -139372,8 +139663,7 @@ } }, "required": [ - "MaxSize", - "MinSize" + "MaxSize" ], "type": "object" }, @@ -140160,8 +140450,7 @@ } }, "required": [ - "MaxSize", - "MinSize" + "MaxSize" ], "type": "object" }, @@ -141093,6 +141382,9 @@ "title": "Name", "type": "string" }, + "NodeJsVersion": { + "type": "string" + }, "StorageLocation": { "$ref": "#/definitions/AWS::GameLift::Script.S3Location", "markdownDescription": "The location of the Amazon S3 bucket where a zipped file containing your Realtime scripts is stored. The storage location must specify the Amazon S3 bucket name, the zip file name (the \"key\"), and a role ARN that allows Amazon GameLift Servers to access the Amazon S3 storage location. The S3 bucket must be in the same Region where you want to create a new script. By default, Amazon GameLift Servers uploads the latest version of the zip file; if you have S3 object versioning turned on, you can use the `ObjectVersion` parameter to specify an earlier version.", @@ -146147,7 +146439,7 @@ "items": { "type": "string" }, - "markdownDescription": "Specifies whether this workspace uses SAML 2.0, AWS IAM Identity Center , or both to authenticate users for using the Grafana console within a workspace. For more information, see [User authentication in Amazon Managed Grafana](https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html) .\n\n*Allowed Values* : `AWS_SSO | SAML`", + "markdownDescription": "Specifies whether this workspace uses SAML 2.0, SSOlong , or both to authenticate users for using the Grafana console within a workspace. For more information, see [User authentication in Amazon Managed Grafana](https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG.html) .\n\n*Allowed Values* : `AWS_SSO | SAML`", "title": "AuthenticationProviders", "type": "array" }, @@ -161606,6 +161898,12 @@ "title": "DefaultLogLevel", "type": "string" }, + "EventConfigurations": { + "items": { + "$ref": "#/definitions/AWS::IoT::Logging.EventConfiguration" + }, + "type": "array" + }, "RoleArn": { "markdownDescription": "The role ARN used for the log.", "title": "RoleArn", @@ -161640,6 +161938,24 @@ ], "type": "object" }, + "AWS::IoT::Logging.EventConfiguration": { + "additionalProperties": false, + "properties": { + "EventType": { + "type": "string" + }, + "LogDestination": { + "type": "string" + }, + "LogLevel": { + "type": "string" + } + }, + "required": [ + "EventType" + ], + "type": "object" + }, "AWS::IoT::MitigationAction": { "additionalProperties": false, "properties": { @@ -171013,7 +171329,7 @@ "type": "string" }, "PortalAuthMode": { - "markdownDescription": "The service to use to authenticate users to the portal. Choose from the following options:\n\n- `SSO` \u2013 The portal uses AWS IAM Identity Center to authenticate users and manage user permissions. Before you can create a portal that uses IAM Identity Center, you must enable IAM Identity Center. For more information, see [Enabling IAM Identity Center](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso) in the *AWS IoT SiteWise User Guide* . This option is only available in AWS Regions other than the China Regions.\n- `IAM` \u2013 The portal uses AWS Identity and Access Management to authenticate users and manage user permissions.\n\nYou can't change this value after you create a portal.\n\nDefault: `SSO`", + "markdownDescription": "The service to use to authenticate users to the portal. Choose from the following options:\n\n- `SSO` \u2013 The portal uses SSOlong to authenticate users and manage user permissions. Before you can create a portal that uses IAM Identity Center, you must enable IAM Identity Center. For more information, see [Enabling IAM Identity Center](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso) in the *AWS IoT SiteWise User Guide* . This option is only available in AWS Regions other than the China Regions.\n- `IAM` \u2013 The portal uses AWS Identity and Access Management to authenticate users and manage user permissions.\n\nYou can't change this value after you create a portal.\n\nDefault: `SSO`", "title": "PortalAuthMode", "type": "string" }, @@ -174892,6 +175208,7 @@ } }, "required": [ + "McuCount", "WorkerCount" ], "type": "object" @@ -194237,7 +194554,7 @@ "properties": { "IamIdentityCenter": { "$ref": "#/definitions/AWS::MPA::IdentitySource.IamIdentityCenter", - "markdownDescription": "AWS IAM Identity Center credentials.", + "markdownDescription": "SSOlong credentials.", "title": "IamIdentityCenter" } }, @@ -196023,6 +196340,175 @@ }, "type": "object" }, + "AWS::MWAAServerless::Workflow": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "DefinitionS3Location": { + "$ref": "#/definitions/AWS::MWAAServerless::Workflow.S3Location" + }, + "Description": { + "type": "string" + }, + "EncryptionConfiguration": { + "$ref": "#/definitions/AWS::MWAAServerless::Workflow.EncryptionConfiguration" + }, + "LoggingConfiguration": { + "$ref": "#/definitions/AWS::MWAAServerless::Workflow.LoggingConfiguration" + }, + "Name": { + "type": "string" + }, + "NetworkConfiguration": { + "$ref": "#/definitions/AWS::MWAAServerless::Workflow.NetworkConfiguration" + }, + "RoleArn": { + "type": "string" + }, + "Tags": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "TriggerMode": { + "type": "string" + } + }, + "required": [ + "DefinitionS3Location", + "RoleArn" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::MWAAServerless::Workflow" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::MWAAServerless::Workflow.EncryptionConfiguration": { + "additionalProperties": false, + "properties": { + "KmsKeyId": { + "type": "string" + }, + "Type": { + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::MWAAServerless::Workflow.LoggingConfiguration": { + "additionalProperties": false, + "properties": { + "LogGroupName": { + "type": "string" + } + }, + "required": [ + "LogGroupName" + ], + "type": "object" + }, + "AWS::MWAAServerless::Workflow.NetworkConfiguration": { + "additionalProperties": false, + "properties": { + "SecurityGroupIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SubnetIds": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::MWAAServerless::Workflow.S3Location": { + "additionalProperties": false, + "properties": { + "Bucket": { + "type": "string" + }, + "ObjectKey": { + "type": "string" + }, + "VersionId": { + "type": "string" + } + }, + "required": [ + "Bucket", + "ObjectKey" + ], + "type": "object" + }, + "AWS::MWAAServerless::Workflow.ScheduleConfiguration": { + "additionalProperties": false, + "properties": { + "CronExpression": { + "type": "string" + } + }, + "type": "object" + }, "AWS::Macie::AllowList": { "additionalProperties": false, "properties": { @@ -200885,6 +201371,9 @@ "markdownDescription": "The input specification for this channel. It specifies the key characteristics of the inputs for this channel: the maximum bitrate, the resolution, and the codec.", "title": "InputSpecification" }, + "LinkedChannelSettings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.LinkedChannelSettings" + }, "LogLevel": { "markdownDescription": "The verbosity for logging activity for this channel. Charges for logging (which are generated through Amazon CloudWatch Logging) are higher for higher verbosities.", "title": "LogLevel", @@ -202903,6 +203392,18 @@ }, "type": "object" }, + "AWS::MediaLive::Channel.FollowerChannelSettings": { + "additionalProperties": false, + "properties": { + "LinkedChannelType": { + "type": "string" + }, + "PrimaryChannelArn": { + "type": "string" + } + }, + "type": "object" + }, "AWS::MediaLive::Channel.FrameCaptureCdnSettings": { "additionalProperties": false, "properties": { @@ -204269,6 +204770,18 @@ }, "type": "object" }, + "AWS::MediaLive::Channel.LinkedChannelSettings": { + "additionalProperties": false, + "properties": { + "FollowerChannelSettings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.FollowerChannelSettings" + }, + "PrimaryChannelSettings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.PrimaryChannelSettings" + } + }, + "type": "object" + }, "AWS::MediaLive::Channel.M2tsSettings": { "additionalProperties": false, "properties": { @@ -205563,7 +206076,20 @@ }, "AWS::MediaLive::Channel.PipelineLockingSettings": { "additionalProperties": false, - "properties": {}, + "properties": { + "PipelineLockingMethod": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::MediaLive::Channel.PrimaryChannelSettings": { + "additionalProperties": false, + "properties": { + "LinkedChannelType": { + "type": "string" + } + }, "type": "object" }, "AWS::MediaLive::Channel.RawSettings": { @@ -219822,7 +220348,7 @@ "additionalProperties": false, "properties": { "Filter": { - "markdownDescription": "When used in `MetricConfiguration` this field specifies which metric namespaces are to be shared with the monitoring account\n\nWhen used in `LogGroupConfiguration` this field specifies which log groups are to share their log events with the monitoring account. Use the term `LogGroupName` and one or more of the following operands.\n\nUse single quotation marks (') around log group names and metric namespaces.\n\nThe matching of log group names and metric namespaces is case sensitive. Each filter has a limit of five conditional operands. Conditional operands are `AND` and `OR` .\n\n- `=` and `!=`\n- `AND`\n- `OR`\n- `LIKE` and `NOT LIKE` . These can be used only as prefix searches. Include a `%` at the end of the string that you want to search for and include.\n- `IN` and `NOT IN` , using parentheses `( )`\n\nExamples:\n\n- `Namespace NOT LIKE 'AWS/%'` includes only namespaces that don't start with `AWS/` , such as custom namespaces.\n- `Namespace IN ('AWS/EC2', 'AWS/ELB', 'AWS/S3')` includes only the metrics in the EC2, ELB , and Amazon S3 namespaces.\n- `Namespace = 'AWS/EC2' OR Namespace NOT LIKE 'AWS/%'` includes only the EC2 namespace and your custom namespaces.\n- `LogGroupName IN ('This-Log-Group', 'Other-Log-Group')` includes only the log groups with names `This-Log-Group` and `Other-Log-Group` .\n- `LogGroupName NOT IN ('Private-Log-Group', 'Private-Log-Group-2')` includes all log groups except the log groups with names `Private-Log-Group` and `Private-Log-Group-2` .\n- `LogGroupName LIKE 'aws/lambda/%' OR LogGroupName LIKE 'AWSLogs%'` includes all log groups that have names that start with `aws/lambda/` or `AWSLogs` .\n\n> If you are updating a link that uses filters, you can specify `*` as the only value for the `filter` parameter to delete the filter and share all log groups with the monitoring account.", + "markdownDescription": "When used in `MetricConfiguration` this field specifies which metric namespaces are to be shared with the monitoring account\n\nWhen used in `LogGroupConfiguration` this field specifies which log groups are to share their log events with the monitoring account. Use the term `LogGroupName` and one or more of the following operands.\n\nUse single quotation marks (') around log group names and metric namespaces.\n\nThe matching of log group names and metric namespaces is case sensitive. Each filter has a limit of five conditional operands. Conditional operands are `AND` and `OR` .\n\n- `=` and `!=`\n- `AND`\n- `OR`\n- `LIKE` and `NOT LIKE` . These can be used only as prefix searches. Include a `%` at the end of the string that you want to search for and include.\n- `IN` and `NOT IN` , using parentheses `( )`\n\nExamples:\n\n- `Namespace NOT LIKE 'AWS/%'` includes only namespaces that don't start with `AWS/` , such as custom namespaces.\n- `Namespace IN ('AWS/EC2', 'AWS/ELB', 'AWS/S3')` includes only the metrics in the EC2, Elastic Load Balancing , and Amazon S3 namespaces.\n- `Namespace = 'AWS/EC2' OR Namespace NOT LIKE 'AWS/%'` includes only the EC2 namespace and your custom namespaces.\n- `LogGroupName IN ('This-Log-Group', 'Other-Log-Group')` includes only the log groups with names `This-Log-Group` and `Other-Log-Group` .\n- `LogGroupName NOT IN ('Private-Log-Group', 'Private-Log-Group-2')` includes all log groups except the log groups with names `Private-Log-Group` and `Private-Log-Group-2` .\n- `LogGroupName LIKE 'aws/lambda/%' OR LogGroupName LIKE 'AWSLogs%'` includes all log groups that have names that start with `aws/lambda/` or `AWSLogs` .\n\n> If you are updating a link that uses filters, you can specify `*` as the only value for the `filter` parameter to delete the filter and share all log groups with the monitoring account.", "title": "Filter", "type": "string" } @@ -222677,11 +223203,17 @@ "Properties": { "additionalProperties": false, "properties": { + "CollectionGroupName": { + "type": "string" + }, "Description": { "markdownDescription": "A description of the collection.", "title": "Description", "type": "string" }, + "EncryptionConfig": { + "$ref": "#/definitions/AWS::OpenSearchServerless::Collection.EncryptionConfig" + }, "Name": { "markdownDescription": "The name of the collection.\n\nCollection names must meet the following criteria:\n\n- Starts with a lowercase letter\n- Unique to your account and AWS Region\n- Contains between 3 and 28 characters\n- Contains only lowercase letters a-z, the numbers 0-9, and the hyphen (-)", "title": "Name", @@ -222732,6 +223264,18 @@ ], "type": "object" }, + "AWS::OpenSearchServerless::Collection.EncryptionConfig": { + "additionalProperties": false, + "properties": { + "AWSOwnedKey": { + "type": "boolean" + }, + "KmsKeyArn": { + "type": "string" + } + }, + "type": "object" + }, "AWS::OpenSearchServerless::Index": { "additionalProperties": false, "properties": { @@ -237421,6 +237965,334 @@ }, "type": "object" }, + "AWS::QuickSight::ActionConnector": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ActionConnectorId": { + "type": "string" + }, + "AuthenticationConfig": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.AuthConfig" + }, + "AwsAccountId": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Permissions": { + "items": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.ResourcePermission" + }, + "type": "array" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "Type": { + "type": "string" + }, + "VpcConnectionArn": { + "type": "string" + } + }, + "required": [ + "ActionConnectorId", + "AwsAccountId", + "Name", + "Type" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::QuickSight::ActionConnector" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.APIKeyConnectionMetadata": { + "additionalProperties": false, + "properties": { + "ApiKey": { + "type": "string" + }, + "BaseEndpoint": { + "type": "string" + }, + "Email": { + "type": "string" + } + }, + "required": [ + "ApiKey", + "BaseEndpoint" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.AuthConfig": { + "additionalProperties": false, + "properties": { + "AuthenticationMetadata": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.AuthenticationMetadata" + }, + "AuthenticationType": { + "type": "string" + } + }, + "required": [ + "AuthenticationMetadata", + "AuthenticationType" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.AuthenticationMetadata": { + "additionalProperties": false, + "properties": { + "ApiKeyConnectionMetadata": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.APIKeyConnectionMetadata" + }, + "AuthorizationCodeGrantMetadata": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.AuthorizationCodeGrantMetadata" + }, + "BasicAuthConnectionMetadata": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.BasicAuthConnectionMetadata" + }, + "ClientCredentialsGrantMetadata": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.ClientCredentialsGrantMetadata" + }, + "IamConnectionMetadata": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.IAMConnectionMetadata" + }, + "NoneConnectionMetadata": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.NoneConnectionMetadata" + } + }, + "type": "object" + }, + "AWS::QuickSight::ActionConnector.AuthorizationCodeGrantCredentialsDetails": { + "additionalProperties": false, + "properties": { + "AuthorizationCodeGrantDetails": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.AuthorizationCodeGrantDetails" + } + }, + "required": [ + "AuthorizationCodeGrantDetails" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.AuthorizationCodeGrantDetails": { + "additionalProperties": false, + "properties": { + "AuthorizationEndpoint": { + "type": "string" + }, + "ClientId": { + "type": "string" + }, + "ClientSecret": { + "type": "string" + }, + "TokenEndpoint": { + "type": "string" + } + }, + "required": [ + "AuthorizationEndpoint", + "ClientId", + "ClientSecret", + "TokenEndpoint" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.AuthorizationCodeGrantMetadata": { + "additionalProperties": false, + "properties": { + "AuthorizationCodeGrantCredentialsDetails": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.AuthorizationCodeGrantCredentialsDetails" + }, + "AuthorizationCodeGrantCredentialsSource": { + "type": "string" + }, + "BaseEndpoint": { + "type": "string" + }, + "RedirectUrl": { + "type": "string" + } + }, + "required": [ + "BaseEndpoint", + "RedirectUrl" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.BasicAuthConnectionMetadata": { + "additionalProperties": false, + "properties": { + "BaseEndpoint": { + "type": "string" + }, + "Password": { + "type": "string" + }, + "Username": { + "type": "string" + } + }, + "required": [ + "BaseEndpoint", + "Password", + "Username" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.ClientCredentialsDetails": { + "additionalProperties": false, + "properties": { + "ClientCredentialsGrantDetails": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.ClientCredentialsGrantDetails" + } + }, + "required": [ + "ClientCredentialsGrantDetails" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.ClientCredentialsGrantDetails": { + "additionalProperties": false, + "properties": { + "ClientId": { + "type": "string" + }, + "ClientSecret": { + "type": "string" + }, + "TokenEndpoint": { + "type": "string" + } + }, + "required": [ + "ClientId", + "ClientSecret", + "TokenEndpoint" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.ClientCredentialsGrantMetadata": { + "additionalProperties": false, + "properties": { + "BaseEndpoint": { + "type": "string" + }, + "ClientCredentialsDetails": { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector.ClientCredentialsDetails" + }, + "ClientCredentialsSource": { + "type": "string" + } + }, + "required": [ + "BaseEndpoint" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.IAMConnectionMetadata": { + "additionalProperties": false, + "properties": { + "RoleArn": { + "type": "string" + } + }, + "required": [ + "RoleArn" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.NoneConnectionMetadata": { + "additionalProperties": false, + "properties": { + "BaseEndpoint": { + "type": "string" + } + }, + "required": [ + "BaseEndpoint" + ], + "type": "object" + }, + "AWS::QuickSight::ActionConnector.ResourcePermission": { + "additionalProperties": false, + "properties": { + "Actions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Principal": { + "type": "string" + } + }, + "required": [ + "Actions", + "Principal" + ], + "type": "object" + }, "AWS::QuickSight::Analysis": { "additionalProperties": false, "properties": { @@ -294388,7 +295260,7 @@ "additionalProperties": false, "properties": { "Channel": { - "markdownDescription": "The specified channel of notification. IAM Roles Anywhere uses CloudWatch metrics, EventBridge, and AWS Health Dashboard to notify for an event.\n\n> In the absence of a specific channel, IAM Roles Anywhere applies this setting to 'ALL' channels.", + "markdownDescription": "The specified channel of notification. IAM Roles Anywhere uses CloudWatch metrics, EventBridge, and Health Dashboard to notify for an event.\n\n> In the absence of a specific channel, IAM Roles Anywhere applies this setting to 'ALL' channels.", "title": "Channel", "type": "string" }, @@ -311778,7 +312650,7 @@ "additionalProperties": false, "properties": { "InstanceArn": { - "markdownDescription": "The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .", + "markdownDescription": "The ARN of the instance under which the operation will be executed. For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .", "title": "InstanceArn", "type": "string" }, @@ -311949,12 +312821,12 @@ "items": { "$ref": "#/definitions/AWS::SSO::InstanceAccessControlAttributeConfiguration.AccessControlAttribute" }, - "markdownDescription": "Lists the attributes that are configured for ABAC in the specified IAM Identity Center instance.", + "markdownDescription": "Lists the attributes that are configured for ABAC in the specified instance.", "title": "AccessControlAttributes", "type": "array" }, "InstanceArn": { - "markdownDescription": "The ARN of the IAM Identity Center instance under which the operation will be executed.", + "markdownDescription": "The ARN of the instance under which the operation will be executed.", "title": "InstanceArn", "type": "string" } @@ -311989,7 +312861,7 @@ "additionalProperties": false, "properties": { "Key": { - "markdownDescription": "The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in IAM Identity Center .", + "markdownDescription": "The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in .", "title": "Key", "type": "string" }, @@ -312012,7 +312884,7 @@ "items": { "type": "string" }, - "markdownDescription": "The identity source to use when mapping a specified attribute to IAM Identity Center .", + "markdownDescription": "The identity source to use when mapping a specified attribute to .", "title": "Source", "type": "array" } @@ -312076,7 +312948,7 @@ "type": "object" }, "InstanceArn": { - "markdownDescription": "The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .", + "markdownDescription": "The ARN of the instance under which the operation will be executed. For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* .", "title": "InstanceArn", "type": "string" }, @@ -323547,12 +324419,12 @@ "type": "string" }, "SingleSignOnUserIdentifier": { - "markdownDescription": "A specifier for the type of value specified in SingleSignOnUserValue. Currently, the only supported value is \"UserName\". If the Domain's AuthMode is IAM Identity Center , this field is required. If the Domain's AuthMode is not IAM Identity Center , this field cannot be specified.", + "markdownDescription": "A specifier for the type of value specified in SingleSignOnUserValue. Currently, the only supported value is \"UserName\". If the Domain's AuthMode is SSO , this field is required. If the Domain's AuthMode is not SSO , this field cannot be specified.", "title": "SingleSignOnUserIdentifier", "type": "string" }, "SingleSignOnUserValue": { - "markdownDescription": "The username of the associated AWS Single Sign-On User for this UserProfile. If the Domain's AuthMode is IAM Identity Center , this field is required, and must match a valid username of a user in your directory. If the Domain's AuthMode is not IAM Identity Center , this field cannot be specified.", + "markdownDescription": "The username of the associated AWS Single Sign-On User for this UserProfile. If the Domain's AuthMode is SSO , this field is required, and must match a valid username of a user in your directory. If the Domain's AuthMode is not SSO , this field cannot be specified.", "title": "SingleSignOnUserValue", "type": "string" }, @@ -349402,7 +350274,7 @@ "type": "object" }, "AuthenticationType": { - "markdownDescription": "The type of authentication integration points used when signing into the web portal. Defaults to `Standard` .\n\n`Standard` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser\u2019s SP metadata with your IdP\u2019s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps:\n\n1. Create and deploy a CloudFormation template with a `Standard` portal with no `IdentityProvider` resource.\n\n2. Retrieve the SP metadata using `Fn:GetAtt` , the WorkSpaces Secure Browser console, or by the calling the `GetPortalServiceProviderMetadata` API.\n\n3. Submit the data to your IdP.\n\n4. Add an `IdentityProvider` resource to your CloudFormation template.\n\n`IAM Identity Center` web portals are authenticated through AWS IAM Identity Center . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in IAM Identity Center . User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.", + "markdownDescription": "The type of authentication integration points used when signing into the web portal. Defaults to `Standard` .\n\n`Standard` web portals are authenticated directly through your identity provider (IdP). User and group access to your web portal is controlled through your IdP. You need to include an IdP resource in your template to integrate your IdP with your web portal. Completing the configuration for your IdP requires exchanging WorkSpaces Secure Browser\u2019s SP metadata with your IdP\u2019s IdP metadata. If your IdP requires the SP metadata first before returning the IdP metadata, you should follow these steps:\n\n1. Create and deploy a CloudFormation template with a `Standard` portal with no `IdentityProvider` resource.\n\n2. Retrieve the SP metadata using `Fn:GetAtt` , the WorkSpaces Secure Browser console, or by the calling the `GetPortalServiceProviderMetadata` API.\n\n3. Submit the data to your IdP.\n\n4. Add an `IdentityProvider` resource to your CloudFormation template.\n\n`SSO` web portals are authenticated through SSOlong . They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration) and other identity provider information must be configured in SSO . User and group assignment must be done through the WorkSpaces Secure Browser console. These cannot be configured in CloudFormation.", "title": "AuthenticationType", "type": "string" }, @@ -351990,6 +352862,9 @@ { "$ref": "#/definitions/AWS::Backup::RestoreTestingSelection" }, + { + "$ref": "#/definitions/AWS::Backup::TieringConfiguration" + }, { "$ref": "#/definitions/AWS::BackupGateway::Hypervisor" }, @@ -354378,6 +355253,9 @@ { "$ref": "#/definitions/AWS::MWAA::Environment" }, + { + "$ref": "#/definitions/AWS::MWAAServerless::Workflow" + }, { "$ref": "#/definitions/AWS::Macie::AllowList" }, @@ -354960,6 +355838,9 @@ { "$ref": "#/definitions/AWS::QLDB::Stream" }, + { + "$ref": "#/definitions/AWS::QuickSight::ActionConnector" + }, { "$ref": "#/definitions/AWS::QuickSight::Analysis" },