Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: update L1 CloudFormation resource definitions (#31484)
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-amplify │ └ resources │ └[~] resource AWS::Amplify::App │ ├ properties │ │ ├ CacheConfig: (documentation changed) │ │ └ Platform: (documentation changed) │ └ types │ └[~] type CacheConfig │ ├ - documentation: undefined │ │ + documentation: Describes the cache configuration for an Amplify app. │ │ For more information about how Amplify applies an optimal cache configuration for your app based on the type of content that is being served, see [Managing cache configuration](https://docs.aws.amazon.com/amplify/latest/userguide/managing-cache-configuration) in the *Amplify User guide* . │ └ properties │ └ Type: (documentation changed) ├[~] service aws-appconfig │ └ resources │ └[~] resource AWS::AppConfig::ConfigurationProfile │ └ properties │ └ LocationUri: (documentation changed) ├[~] service aws-applicationinsights │ └ resources │ └[~] resource AWS::ApplicationInsights::Application │ ├ properties │ │ └ ComponentMonitoringSettings: (documentation changed) │ └ types │ ├[~] type ComponentMonitoringSetting │ │ └ properties │ │ ├ ComponentARN: (documentation changed) │ │ └ ComponentName: (documentation changed) │ ├[~] type ConfigurationDetails │ │ └ properties │ │ ├[+] NetWeaverPrometheusExporter: NetWeaverPrometheusExporter │ │ ├[+] Processes: Array<Process> │ │ └[+] SQLServerPrometheusExporter: SQLServerPrometheusExporter │ ├[+] type NetWeaverPrometheusExporter │ │ ├ documentation: The NetWeaver Prometheus Exporter Settings. │ │ │ name: NetWeaverPrometheusExporter │ │ └ properties │ │ ├SAPSID: string (required) │ │ ├InstanceNumbers: Array<string> (required) │ │ └PrometheusPort: string │ ├[+] type Process │ │ ├ documentation: A process to be monitored for the component. │ │ │ name: Process │ │ └ properties │ │ ├ProcessName: string (required) │ │ └AlarmMetrics: Array<AlarmMetric> (required) │ ├[+] type SQLServerPrometheusExporter │ │ ├ documentation: The SQL prometheus exporter settings. │ │ │ name: SQLServerPrometheusExporter │ │ └ properties │ │ ├PrometheusPort: string (required) │ │ └SQLSecretName: string (required) │ └[~] type SubComponentConfigurationDetails │ └ properties │ └[+] Processes: Array<Process> ├[~] service aws-applicationsignals │ └ resources │ └[~] resource AWS::ApplicationSignals::ServiceLevelObjective │ ├ - documentation: Creates or updates a service level objective (SLO), which can help you ensure that your critical business operations are meeting customer expectations. Use SLOs to set and track specific target levels for the reliability and availability of your applications and services. SLOs use service level indicators (SLIs) to calculate whether the application is performing at the level that you want. │ │ Create an SLO to set a target for a service or operation’s availability or latency. CloudWatch measures this target frequently you can find whether it has been breached. │ │ When you create an SLO, you set an *attainment goal* for it. An *attainment goal* is the ratio of good periods that meet the threshold requirements to the total periods within the interval. For example, an attainment goal of 99.9% means that within your interval, you are targeting 99.9% of the periods to be in healthy state. │ │ After you have created an SLO, you can retrieve error budget reports for it. An *error budget* is the number of periods or amount of time that your service can accumulate during an interval before your overall SLO budget health is breached and the SLO is considered to be unmet. for example, an SLO with a threshold that 99.95% of requests must be completed under 2000ms every month translates to an error budget of 21.9 minutes of downtime per month. │ │ When you call this operation, Application Signals creates the *AWSServiceRoleForCloudWatchApplicationSignals* service-linked role, if it doesn't already exist in your account. This service- linked role has the following permissions: │ │ - `xray:GetServiceGraph` │ │ - `logs:StartQuery` │ │ - `logs:GetQueryResults` │ │ - `cloudwatch:GetMetricData` │ │ - `cloudwatch:ListMetrics` │ │ - `tag:GetResources` │ │ - `autoscaling:DescribeAutoScalingGroups` │ │ You can easily set SLO targets for your applications that are discovered by Application Signals, using critical metrics such as latency and availability. You can also set SLOs against any CloudWatch metric or math expression that produces a time series. │ │ For more information about SLOs, see [Service level objectives (SLOs)](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-ServiceLevelObjectives.html) . │ │ + documentation: Creates or updates a service level objective (SLO), which can help you ensure that your critical business operations are meeting customer expectations. Use SLOs to set and track specific target levels for the reliability and availability of your applications and services. SLOs use service level indicators (SLIs) to calculate whether the application is performing at the level that you want. │ │ Create an SLO to set a target for a service or operation’s availability or latency. CloudWatch measures this target frequently you can find whether it has been breached. │ │ The target performance quality that is defined for an SLO is the *attainment goal* . An attainment goal is the percentage of time or requests that the SLI is expected to meet the threshold over each time interval. For example, an attainment goal of 99.9% means that within your interval, you are targeting 99.9% of the periods to be in healthy state. │ │ When you create an SLO, you specify whether it is a *period-based SLO* or a *request-based SLO* . Each type of SLO has a different way of evaluating your application's performance against its attainment goal. │ │ - A *period-based SLO* uses defined *periods* of time within a specified total time interval. For each period of time, Application Signals determines whether the application met its goal. The attainment rate is calculated as the `number of good periods/number of total periods` . │ │ For example, for a period-based SLO, meeting an attainment goal of 99.9% means that within your interval, your application must meet its performance goal during at least 99.9% of the time periods. │ │ - A *request-based SLO* doesn't use pre-defined periods of time. Instead, the SLO measures `number of good requests/number of total requests` during the interval. At any time, you can find the ratio of good requests to total requests for the interval up to the time stamp that you specify, and measure that ratio against the goal set in your SLO. │ │ After you have created an SLO, you can retrieve error budget reports for it. An *error budget* is the amount of time or amount of requests that your application can be non-compliant with the SLO's goal, and still have your application meet the goal. │ │ - For a period-based SLO, the error budget starts at a number defined by the highest number of periods that can fail to meet the threshold, while still meeting the overall goal. The *remaining error budget* decreases with every failed period that is recorded. The error budget within one interval can never increase. │ │ For example, an SLO with a threshold that 99.95% of requests must be completed under 2000ms every month translates to an error budget of 21.9 minutes of downtime per month. │ │ - For a request-based SLO, the remaining error budget is dynamic and can increase or decrease, depending on the ratio of good requests to total requests. │ │ When you call this operation, Application Signals creates the *AWSServiceRoleForCloudWatchApplicationSignals* service-linked role, if it doesn't already exist in your account. This service- linked role has the following permissions: │ │ - `xray:GetServiceGraph` │ │ - `logs:StartQuery` │ │ - `logs:GetQueryResults` │ │ - `cloudwatch:GetMetricData` │ │ - `cloudwatch:ListMetrics` │ │ - `tag:GetResources` │ │ - `autoscaling:DescribeAutoScalingGroups` │ │ You can easily set SLO targets for your applications that are discovered by Application Signals, using critical metrics such as latency and availability. You can also set SLOs against any CloudWatch metric or math expression that produces a time series. │ │ You cannot change from a period-based SLO to a request-based SLO, or change from a request-based SLO to a period-based SLO. │ │ For more information about SLOs, see [Service level objectives (SLOs)](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-ServiceLevelObjectives.html) . │ ├ properties │ │ ├ RequestBasedSli: (documentation changed) │ │ └ Sli: - Sli (required) │ │ + Sli │ │ (documentation changed) │ └ types │ ├[~] type Goal │ │ └ properties │ │ └ AttainmentGoal: (documentation changed) │ ├[~] type MonitoredRequestCountMetric │ │ └ properties │ │ ├ BadCountMetric: (documentation changed) │ │ └ GoodCountMetric: (documentation changed) │ ├[~] type RequestBasedSli │ │ └ properties │ │ ├ MetricThreshold: (documentation changed) │ │ └ RequestBasedSliMetric: (documentation changed) │ └[~] type RequestBasedSliMetric │ └ properties │ ├ KeyAttributes: (documentation changed) │ ├ MetricType: (documentation changed) │ ├ MonitoredRequestCountMetric: (documentation changed) │ └ TotalRequestCountMetric: (documentation changed) ├[~] service aws-athena │ └ resources │ └[~] resource AWS::Athena::WorkGroup │ └ types │ ├[~] type AclConfiguration │ │ ├ - documentation: Indicates that an Amazon S3 canned ACL should be set to control ownership of stored query results. When Athena stores query results in Amazon S3, the canned ACL is set with the `x-amz-acl` request header. For more information about S3 Object Ownership, see [Object Ownership settings](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html#object-ownership-overview) in the *Amazon S3 User Guide* . │ │ │ + documentation: Indicates that an Amazon S3 canned ACL should be set to control ownership of stored query results, including data files inserted by Athena as the result of statements like CTAS or INSERT INTO. When Athena stores query results in Amazon S3, the canned ACL is set with the `x-amz-acl` request header. For more information about S3 Object Ownership, see [Object Ownership settings](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html#object-ownership-overview) in the *Amazon S3 User Guide* . │ │ └ properties │ │ └ S3AclOption: (documentation changed) │ ├[~] type ResultConfiguration │ │ └ properties │ │ ├ EncryptionConfiguration: (documentation changed) │ │ └ OutputLocation: (documentation changed) │ ├[~] type ResultConfigurationUpdates │ │ └ properties │ │ ├ RemoveEncryptionConfiguration: (documentation changed) │ │ └ RemoveOutputLocation: (documentation changed) │ └[~] type WorkGroupConfiguration │ └ properties │ ├ EnforceWorkGroupConfiguration: (documentation changed) │ └ ResultConfiguration: (documentation changed) ├[~] service aws-auditmanager │ └ resources │ └[~] resource AWS::AuditManager::Assessment │ └ types │ ├[~] type AWSService │ │ ├ - documentation: The `AWSService` property type specifies an such as Amazon S3 , AWS CloudTrail , and so on. │ │ │ + documentation: The `AWSService` property type specifies an AWS service such as Amazon S3 , AWS CloudTrail , and so on. │ │ └ properties │ │ └ ServiceName: (documentation changed) │ └[~] type Scope │ └ properties │ └ AwsServices: (documentation changed) ├[~] service aws-bedrock │ └ resources │ ├[~] resource AWS::Bedrock::Agent │ │ └ types │ │ └[~] type PromptOverrideConfiguration │ │ └ properties │ │ └ OverrideLambda: (documentation changed) │ ├[~] resource AWS::Bedrock::DataSource │ │ └ types │ │ ├[~] type BedrockFoundationModelConfiguration │ │ │ ├ - documentation: Settings for a foundation model used to parse documents for a data source. │ │ │ │ + documentation: Settings for a foundation model or [inference profile](https://docs.aws.amazon.com/bedrock/latest/userguide/cross-region-inference.html) used to parse documents for a data source. │ │ │ └ properties │ │ │ └ ModelArn: (documentation changed) │ │ └[~] type ParsingConfiguration │ │ └ - documentation: Settings for parsing document contents. By default, the service converts the contents of each document into text before splitting it into chunks. To improve processing of PDF files with tables and images, you can configure the data source to convert the pages of text into images and use a model to describe the contents of each page. │ │ To use a model to parse PDF documents, set the parsing strategy to `BEDROCK_FOUNDATION_MODEL` and specify the model to use by ARN. You can also override the default parsing prompt with instructions for how to interpret images and tables in your documents. The following models are supported. │ │ - Anthropic Claude 3 Sonnet - `anthropic.claude-3-sonnet-20240229-v1:0` │ │ - Anthropic Claude 3 Haiku - `anthropic.claude-3-haiku-20240307-v1:0` │ │ You can get the ARN of a model with the [ListFoundationModels](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_ListFoundationModels.html) action. Standard model usage charges apply for the foundation model parsing strategy. │ │ + documentation: Settings for parsing document contents. By default, the service converts the contents of each document into text before splitting it into chunks. To improve processing of PDF files with tables and images, you can configure the data source to convert the pages of text into images and use a model to describe the contents of each page. │ │ To use a model to parse PDF documents, set the parsing strategy to `BEDROCK_FOUNDATION_MODEL` and specify the model or [inference profile](https://docs.aws.amazon.com/bedrock/latest/userguide/cross-region-inference.html) to use by ARN. You can also override the default parsing prompt with instructions for how to interpret images and tables in your documents. The following models are supported. │ │ - Anthropic Claude 3 Sonnet - `anthropic.claude-3-sonnet-20240229-v1:0` │ │ - Anthropic Claude 3 Haiku - `anthropic.claude-3-haiku-20240307-v1:0` │ │ You can get the ARN of a model with the [ListFoundationModels](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_ListFoundationModels.html) action. Standard model usage charges apply for the foundation model parsing strategy. │ └[~] resource AWS::Bedrock::Guardrail │ └ - documentation: Creates a guardrail to block topics and to implement safeguards for your generative AI applications. │ You can configure the following policies in a guardrail to avoid undesirable and harmful content, filter out denied topics and words, and remove sensitive information for privacy protection. │ - *Content filters* - Adjust filter strengths to block input prompts or model responses containing harmful content. │ - *Denied topics* - Define a set of topics that are undesirable in the context of your application. These topics will be blocked if detected in user queries or model responses. │ - *Word filters* - Configure filters to block undesirable words, phrases, and profanity. Such words can include offensive terms, competitor names etc. │ - *Sensitive information filters* - Block or mask sensitive information such as personally identifiable information (PII) or custom regex in user inputs and model responses. │ In addition to the above policies, you can also configure the messages to be returned to the user if a user input or model response is in violation of the policies defined in the guardrail. │ For more information, see [Guardrails for Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html) in the *Amazon Bedrock User Guide* . │ + documentation: Creates a guardrail to block topics and to implement safeguards for your generative AI applications. │ You can configure the following policies in a guardrail to avoid undesirable and harmful content, filter out denied topics and words, and remove sensitive information for privacy protection. │ - *Content filters* - Adjust filter strengths to block input prompts or model responses containing harmful content. │ - *Denied topics* - Define a set of topics that are undesirable in the context of your application. These topics will be blocked if detected in user queries or model responses. │ - *Word filters* - Configure filters to block undesirable words, phrases, and profanity. Such words can include offensive terms, competitor names etc. │ - *Sensitive information filters* - Block or mask sensitive information such as personally identifiable information (PII) or custom regex in user inputs and model responses. │ In addition to the above policies, you can also configure the messages to be returned to the user if a user input or model response is in violation of the policies defined in the guardrail. │ For more information, see [Amazon Bedrock Guardrails](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html) in the *Amazon Bedrock User Guide* . ├[~] service aws-codebuild │ └ resources │ └[~] resource AWS::CodeBuild::Fleet │ └ properties │ ├ ComputeType: (documentation changed) │ ├ EnvironmentType: (documentation changed) │ ├ FleetVpcConfig: (documentation changed) │ └ ImageId: (documentation changed) ├[~] service aws-codeconnections │ └ resources │ └[~] resource AWS::CodeConnections::Connection │ └ attributes │ └ ConnectionArn: (documentation changed) ├[~] service aws-cognito │ └ resources │ ├[~] resource AWS::Cognito::LogDeliveryConfiguration │ │ ├ - documentation: The logging parameters of a user pool returned in response to `GetLogDeliveryConfiguration` . │ │ │ + documentation: The logging parameters of a user pool, as returned in the response to a [GetLogDeliveryConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetLogDeliveryConfiguration.html) request. │ │ └ types │ │ ├[~] type CloudWatchLogsConfiguration │ │ │ └ - documentation: Configuration for the CloudWatch log group destination of user pool detailed activity logging, or of user activity log export with advanced security features. │ │ │ + documentation: Configuration for the CloudWatch log group destination of user pool detailed activity logging, or of user activity log export with advanced security features. │ │ │ This data type is a request parameter of [SetLogDeliveryConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetLogDeliveryConfiguration.html) and a response parameter of [GetLogDeliveryConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetLogDeliveryConfiguration.html) . │ │ └[~] type LogConfiguration │ │ ├ - documentation: The logging parameters of a user pool. │ │ │ + documentation: The configuration of user event logs to an external AWS service like Amazon Data Firehose, Amazon S3, or Amazon CloudWatch Logs. │ │ │ This data type is a request parameter of [SetLogDeliveryConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetLogDeliveryConfiguration.html) and a response parameter of [GetLogDeliveryConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetLogDeliveryConfiguration.html) . │ │ └ properties │ │ └ CloudWatchLogsConfiguration: (documentation changed) │ ├[~] resource AWS::Cognito::UserPool │ │ ├ properties │ │ │ ├ AdminCreateUserConfig: (documentation changed) │ │ │ ├[+] EmailAuthenticationMessage: string │ │ │ ├[+] EmailAuthenticationSubject: string │ │ │ ├ LambdaConfig: (documentation changed) │ │ │ ├ Policies: (documentation changed) │ │ │ └ VerificationMessageTemplate: (documentation changed) │ │ └ types │ │ ├[~] type AdminCreateUserConfig │ │ │ └ properties │ │ │ ├ AllowAdminCreateUserOnly: (documentation changed) │ │ │ └ UnusedAccountValidityDays: (documentation changed) │ │ ├[~] type DeviceConfiguration │ │ │ └ - documentation: The device-remembering configuration for a user pool. A [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) request returns a null value for this object when the user pool isn't configured to remember devices. When device remembering is active, you can remember a user's device with a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. Additionally. when the property `DeviceOnlyRememberedOnUserPrompt` is `true` , you must follow `ConfirmDevice` with an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request that sets the user's device to `remembered` or `not_remembered` . │ │ │ To # with a remembered device, include `DEVICE_KEY` in the authentication parameters in your user's [InitiateAuth](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html) request. If your app doesn't include a `DEVICE_KEY` parameter, the [response](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html#API_InitiateAuth_ResponseSyntax) from Amazon Cognito includes newly-generated `DEVICE_KEY` and `DEVICE_GROUP_KEY` values under `NewDeviceMetadata` . Store these values to use in future device-authentication requests. │ │ │ > When you provide a value for any property of `DeviceConfiguration` , you activate the device remembering for the user pool. │ │ │ + documentation: The device-remembering configuration for a user pool. A [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) request returns a null value for this object when the user pool isn't configured to remember devices. When device remembering is active, you can remember a user's device with a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. Additionally. when the property `DeviceOnlyRememberedOnUserPrompt` is `true` , you must follow `ConfirmDevice` with an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request that sets the user's device to `remembered` or `not_remembered` . │ │ │ To # with a remembered device, include `DEVICE_KEY` in the authentication parameters in your user's [InitiateAuth](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html) request. If your app doesn't include a `DEVICE_KEY` parameter, the [response](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html#API_InitiateAuth_ResponseSyntax) from Amazon Cognito includes newly-generated `DEVICE_KEY` and `DEVICE_GROUP_KEY` values under `NewDeviceMetadata` . Store these values to use in future device-authentication requests. │ │ │ > When you provide a value for any property of `DeviceConfiguration` , you activate the device remembering for the user pool. │ │ │ > │ │ │ > This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ ├[~] type InviteMessageTemplate │ │ │ └ - documentation: The message template to be used for the welcome message to new users. │ │ │ See also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) . │ │ │ + documentation: The template for the welcome message to new users. │ │ │ See also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) . │ │ ├[~] type LambdaConfig │ │ │ ├ - documentation: Specifies the configuration for AWS Lambda triggers. │ │ │ │ + documentation: A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of user pool operations. Triggers can modify the outcome of the operations that invoked them. │ │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ │ └ properties │ │ │ ├ CreateAuthChallenge: (documentation changed) │ │ │ ├ CustomMessage: (documentation changed) │ │ │ ├ DefineAuthChallenge: (documentation changed) │ │ │ ├ PostAuthentication: (documentation changed) │ │ │ ├ PostConfirmation: (documentation changed) │ │ │ ├ PreAuthentication: (documentation changed) │ │ │ ├ Pre#: (documentation changed) │ │ │ ├ PreTokenGeneration: (documentation changed) │ │ │ ├ PreTokenGenerationConfig: (documentation changed) │ │ │ ├ UserMigration: (documentation changed) │ │ │ └ VerifyAuthChallengeResponse: (documentation changed) │ │ ├[~] type NumberAttributeConstraints │ │ │ └ - documentation: The minimum and maximum values of an attribute that is of the number data type. │ │ │ + documentation: The minimum and maximum values of an attribute that is of the number type, for example `custom:age` . │ │ │ This data type is part of [SchemaAttributeType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SchemaAttributeType.html) . It defines the length constraints on number-type attributes that you configure in [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and displays the length constraints of all number-type attributes in the response to [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) │ │ ├[~] type PasswordPolicy │ │ │ ├ - documentation: The password policy type. │ │ │ │ + documentation: The password policy settings for a user pool, including complexity, history, and length requirements. │ │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ │ └ properties │ │ │ ├ RequireLowercase: (documentation changed) │ │ │ ├ RequireNumbers: (documentation changed) │ │ │ ├ RequireSymbols: (documentation changed) │ │ │ └ RequireUppercase: (documentation changed) │ │ ├[~] type Policies │ │ │ ├ - documentation: The policy associated with a user pool. │ │ │ │ + documentation: A list of user pool policies. Contains the policy that sets password-complexity requirements. │ │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ │ └ properties │ │ │ └ PasswordPolicy: (documentation changed) │ │ ├[~] type PreTokenGenerationConfig │ │ │ └ - documentation: The properties of a pre token generation Lambda trigger. │ │ │ + documentation: The properties of a pre token generation Lambda trigger. │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ ├[~] type SchemaAttribute │ │ │ └ - documentation: A list of the user attributes and their properties in your user pool. The attribute schema contains standard attributes, custom attributes with a `custom:` prefix, and developer attributes with a `dev:` prefix. For more information, see [User pool attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html) . │ │ │ Developer-only attributes are a legacy feature of user pools, are read-only to all app clients. You can create and update developer-only attributes only with IAM-authenticated API operations. Use app client read/write permissions instead. │ │ │ + documentation: A list of the user attributes and their properties in your user pool. The attribute schema contains standard attributes, custom attributes with a `custom:` prefix, and developer attributes with a `dev:` prefix. For more information, see [User pool attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html) . │ │ │ Developer-only `dev:` attributes are a legacy feature of user pools, and are read-only to all app clients. You can create and update developer-only attributes only with IAM-authenticated API operations. Use app client read/write permissions instead. │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ ├[~] type StringAttributeConstraints │ │ │ └ properties │ │ │ └ MinLength: (documentation changed) │ │ ├[~] type UsernameConfiguration │ │ │ └ properties │ │ │ └ CaseSensitive: (documentation changed) │ │ ├[~] type UserPoolAddOns │ │ │ └ - documentation: User pool add-ons. Contains settings for activation of advanced security features. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . │ │ │ For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . │ │ │ + documentation: User pool add-ons. Contains settings for activation of advanced security features. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . │ │ │ For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ └[~] type VerificationMessageTemplate │ │ ├ - documentation: The template for verification messages. │ │ │ + documentation: The template for the verification message that your user pool delivers to users who set an email address or phone number attribute. │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . │ │ └ properties │ │ └ DefaultEmailOption: (documentation changed) │ ├[~] resource AWS::Cognito::UserPoolClient │ │ ├ properties │ │ │ └ ReadAttributes: (documentation changed) │ │ └ types │ │ ├[~] type AnalyticsConfiguration │ │ │ ├ - documentation: The Amazon Pinpoint analytics configuration necessary to collect metrics for a user pool. │ │ │ │ > In Regions where Amazon Pinpoint isn't available, user pools only support sending events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region. │ │ │ │ + documentation: The settings for Amazon Pinpoint analytics configuration. With an analytics configuration, your application can collect user-activity metrics for user notifications with a Amazon Pinpoint campaign. │ │ │ │ Amazon Pinpoint isn't available in all AWS Regions. For a list of available Regions, see [Amazon Cognito and Amazon Pinpoint Region availability](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html#cognito-user-pools-find-region-mappings) . │ │ │ │ This data type is a request parameter of [CreateUserPoolClient](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html) and [UpdateUserPoolClient](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolClient.html) , and a response parameter of [DescribeUserPoolClient](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html) . │ │ │ └ properties │ │ │ ├ ApplicationId: (documentation changed) │ │ │ ├ ExternalId: (documentation changed) │ │ │ └ RoleArn: (documentation changed) │ │ └[~] type TokenValidityUnits │ │ └ properties │ │ ├ AccessToken: (documentation changed) │ │ ├ IdToken: (documentation changed) │ │ └ RefreshToken: (documentation changed) │ ├[~] resource AWS::Cognito::UserPoolDomain │ │ └ types │ │ └[~] type CustomDomainConfigType │ │ └ - documentation: The configuration for a custom domain that hosts the sign-up and sign-in webpages for your application. │ │ + documentation: The configuration for a hosted UI custom domain. │ │ This data type is a request parameter of [CreateUserPoolDomain](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolDomain.html) and [UpdateUserPoolDomain](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolDomain.html) . │ ├[~] resource AWS::Cognito::UserPoolResourceServer │ │ └ types │ │ └[~] type ResourceServerScopeType │ │ ├ - documentation: A resource server scope. │ │ │ + documentation: One custom scope associated with a user pool resource server. This data type is a member of `ResourceServerScopeType` . For more information, see [Scopes, M2M, and API authorization with resource servers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html) . │ │ │ This data type is a request parameter of [CreateResourceServer](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateResourceServer.html) and a response parameter of [DescribeResourceServer](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeResourceServer.html) . │ │ └ properties │ │ ├ ScopeDescription: (documentation changed) │ │ └ ScopeName: (documentation changed) │ ├[~] resource AWS::Cognito::UserPoolRiskConfigurationAttachment │ │ ├ properties │ │ │ ├ AccountTakeoverRiskConfiguration: (documentation changed) │ │ │ ├ CompromisedCredentialsRiskConfiguration: (documentation changed) │ │ │ ├ RiskExceptionConfiguration: (documentation changed) │ │ │ └ UserPoolId: (documentation changed) │ │ └ types │ │ ├[~] type AccountTakeoverActionsType │ │ │ ├ - documentation: Account takeover actions type. │ │ │ │ + documentation: A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. │ │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ │ └ properties │ │ │ ├ HighAction: (documentation changed) │ │ │ ├ LowAction: (documentation changed) │ │ │ └ MediumAction: (documentation changed) │ │ ├[~] type AccountTakeoverActionType │ │ │ ├ - documentation: Account takeover action type. │ │ │ │ + documentation: The automated response to a risk level for adaptive authentication in full-function, or `ENFORCED` , mode. You can assign an action to each risk level that advanced security features evaluates. │ │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ │ └ properties │ │ │ ├ EventAction: (documentation changed) │ │ │ └ Notify: (documentation changed) │ │ ├[~] type AccountTakeoverRiskConfigurationType │ │ │ ├ - documentation: Configuration for mitigation actions and notification for different levels of risk detected for a potential account takeover. │ │ │ │ + documentation: The settings for automated responses and notification templates for adaptive authentication with advanced security features. │ │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ │ └ properties │ │ │ ├ Actions: (documentation changed) │ │ │ └ NotifyConfiguration: (documentation changed) │ │ ├[~] type CompromisedCredentialsActionsType │ │ │ ├ - documentation: The compromised credentials actions type. │ │ │ │ + documentation: Settings for user pool actions when Amazon Cognito detects compromised credentials with advanced security features in full-function `ENFORCED` mode. │ │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ │ └ properties │ │ │ └ EventAction: (documentation changed) │ │ ├[~] type CompromisedCredentialsRiskConfigurationType │ │ │ ├ - documentation: The compromised credentials risk configuration type. │ │ │ │ + documentation: Settings for compromised-credentials actions and authentication-event sources with advanced security features in full-function `ENFORCED` mode. │ │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ │ └ properties │ │ │ ├ Actions: (documentation changed) │ │ │ └ EventFilter: (documentation changed) │ │ ├[~] type NotifyConfigurationType │ │ │ ├ - documentation: The notify configuration type. │ │ │ │ + documentation: The configuration for Amazon SES email messages that advanced security features sends to a user when your adaptive authentication automated response has a *Notify* action. │ │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ │ └ properties │ │ │ ├ BlockEmail: (documentation changed) │ │ │ ├ From: (documentation changed) │ │ │ ├ MfaEmail: (documentation changed) │ │ │ ├ NoActionEmail: (documentation changed) │ │ │ └ ReplyTo: (documentation changed) │ │ ├[~] type NotifyEmailType │ │ │ ├ - documentation: The notify email type. │ │ │ │ + documentation: The template for email messages that advanced security features sends to a user when your threat protection automated response has a *Notify* action. │ │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ │ └ properties │ │ │ ├ HtmlBody: (documentation changed) │ │ │ ├ Subject: (documentation changed) │ │ │ └ TextBody: (documentation changed) │ │ └[~] type RiskExceptionConfigurationType │ │ ├ - documentation: The type of the configuration to override the risk decision. │ │ │ + documentation: Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges. │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) . │ │ └ properties │ │ ├ BlockedIPRangeList: (documentation changed) │ │ └ SkippedIPRangeList: (documentation changed) │ └[~] resource AWS::Cognito::UserPoolUser │ └ types │ └[~] type AttributeType │ └ - documentation: Specifies whether the attribute is standard or custom. │ + documentation: The name and value of a user attribute. │ This data type is a request parameter of [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) and [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) . ├[~] service aws-connect │ └ resources │ ├[+] resource AWS::Connect::AgentStatus │ │ ├ name: AgentStatus │ │ │ cloudFormationType: AWS::Connect::AgentStatus │ │ │ documentation: Contains information about an agent status. │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ ├ properties │ │ │ ├InstanceArn: string (required) │ │ │ ├Description: string │ │ │ ├Name: string (required) │ │ │ ├DisplayOrder: integer │ │ │ ├State: string (required) │ │ │ ├Type: string │ │ │ ├ResetOrderNumber: boolean │ │ │ └Tags: Array<tag> │ │ └ attributes │ │ ├AgentStatusArn: string │ │ ├LastModifiedRegion: string │ │ └LastModifiedTime: number │ └[+] resource AWS::Connect::UserHierarchyStructure │ ├ name: UserHierarchyStructure │ │ cloudFormationType: AWS::Connect::UserHierarchyStructure │ │ documentation: Contains information about a hierarchy structure. │ ├ properties │ │ ├InstanceArn: string (required, immutable) │ │ └UserHierarchyStructure: UserHierarchyStructure │ ├ attributes │ │ └UserHierarchyStructureArn: string │ └ types │ ├type UserHierarchyStructure │ │├ documentation: Contains information about a hierarchy structure. │ ││ name: UserHierarchyStructure │ │└ properties │ │ ├LevelOne: LevelOne │ │ ├LevelTwo: LevelTwo │ │ ├LevelThree: LevelThree │ │ ├LevelFour: LevelFour │ │ └LevelFive: LevelFive │ ├type LevelOne │ │├ documentation: Information about level one. │ ││ name: LevelOne │ │└ properties │ │ ├HierarchyLevelArn: string │ │ ├HierarchyLevelId: string │ │ └Name: string (required) │ ├type LevelTwo │ │├ documentation: The update for level two. │ ││ name: LevelTwo │ │└ properties │ │ ├HierarchyLevelArn: string │ │ ├HierarchyLevelId: string │ │ └Name: string (required) │ ├type LevelThree │ │├ documentation: The update for level three. │ ││ name: LevelThree │ │└ properties │ │ ├HierarchyLevelArn: string │ │ ├HierarchyLevelId: string │ │ └Name: string (required) │ ├type LevelFour │ │├ documentation: The update for level four. │ ││ name: LevelFour │ │└ properties │ │ ├HierarchyLevelArn: string │ │ ├HierarchyLevelId: string │ │ └Name: string (required) │ └type LevelFive │ ├ documentation: The update for level five. │ │ name: LevelFive │ └ properties │ ├HierarchyLevelArn: string │ ├HierarchyLevelId: string │ └Name: string (required) ├[~] service aws-databrew │ └ resources │ ├[~] resource AWS::DataBrew::Recipe │ │ └ types │ │ └[~] type RecipeParameters │ │ └ properties │ │ └ Input: - json │ │ + Input ⇐ json │ └[~] resource AWS::DataBrew::Ruleset │ └ properties │ └ Tags: - Array<tag> │ + Array<tag> (immutable) ├[~] service aws-datazone │ └ resources │ ├[~] resource AWS::DataZone::Environment │ │ └ properties │ │ ├[+] EnvironmentAccountIdentifier: string (immutable) │ │ ├[+] EnvironmentAccountRegion: string (immutable) │ │ ├ EnvironmentProfileIdentifier: - string (required, immutable) │ │ │ + string (immutable) │ │ └[+] EnvironmentRoleArn: string │ └[+] resource AWS::DataZone::EnvironmentActions │ ├ name: EnvironmentActions │ │ cloudFormationType: AWS::DataZone::EnvironmentActions │ │ documentation: The details about the specified action configured for an environment. For example, the details of the specified console links for an analytics tool that is available in this environment. │ ├ properties │ │ ├Description: string │ │ ├DomainIdentifier: string (immutable) │ │ ├EnvironmentIdentifier: string (immutable) │ │ ├Identifier: string │ │ ├Name: string (required) │ │ └Parameters: AwsConsoleLinkParameters │ ├ attributes │ │ ├DomainId: string │ │ ├EnvironmentId: string │ │ └Id: string │ └ types │ └type AwsConsoleLinkParameters │ ├ documentation: The parameters of the console link specified as part of the environment action. │ │ name: AwsConsoleLinkParameters │ └ properties │ └Uri: string ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::LaunchTemplate │ │ ├ properties │ │ │ └ TagSpecifications: (documentation changed) │ │ └ types │ │ ├[~] type LaunchTemplateData │ │ │ └ properties │ │ │ └ TagSpecifications: (documentation changed) │ │ ├[~] type LaunchTemplateTagSpecification │ │ │ └ - documentation: Specifies the tags to apply to the launch template during creation. │ │ │ `LaunchTemplateTagSpecification` is a property of [AWS::EC2::LaunchTemplate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html) . │ │ │ + documentation: Specifies the tags to apply to the launch template during creation. │ │ │ To specify the tags for the resources that are created during instance launch, use [AWS::EC2::LaunchTemplate TagSpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-tagspecification.html) . │ │ │ `LaunchTemplateTagSpecification` is a property of [AWS::EC2::LaunchTemplate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html) . │ │ └[~] type TagSpecification │ │ └ - documentation: Specifies the tags to apply to a resource when the resource is created for the launch template. │ │ `TagSpecification` is a property type of [`TagSpecifications`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications) . [`TagSpecifications`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications) is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html) . │ │ + documentation: Specifies the tags to apply to resources that are created during instance launch. │ │ `TagSpecification` is a property type of [`TagSpecifications`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications) . [`TagSpecifications`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications) is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html) . │ ├[~] resource AWS::EC2::VPCEndpoint │ │ └ - documentation: Specifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS , an AWS Marketplace Partner, or another AWS accounts in your organization. For more information, see the [AWS PrivateLink User Guide](https://docs.aws.amazon.com/vpc/latest/privatelink/) . │ │ An endpoint of type `Interface` establishes connections between the subnets in your VPC and an , your own service, or a service hosted by another AWS account . With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces. │ │ An endpoint of type `gateway` serves as a target for a route in your route table for traffic destined for Amazon S3 or DynamoDB . You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to Amazon S3 , see [Why can't I connect to an S3 bucket using a gateway VPC endpoint?](https://docs.aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint) │ │ An endpoint of type `GatewayLoadBalancer` provides private connectivity between your VPC and virtual appliances from a service provider. │ │ + documentation: Specifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS , an AWS Marketplace Partner, or another AWS accounts in your organization. For more information, see the [AWS PrivateLink User Guide](https://docs.aws.amazon.com/vpc/latest/privatelink/) . │ │ An endpoint of type `Interface` establishes connections between the subnets in your VPC and an AWS service , your own service, or a service hosted by another AWS account . With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces. │ │ An endpoint of type `gateway` serves as a target for a route in your route table for traffic destined for Amazon S3 or DynamoDB . You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to Amazon S3 , see [Why can't I connect to an S3 bucket using a gateway VPC endpoint?](https://docs.aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint) │ │ An endpoint of type `GatewayLoadBalancer` provides private connectivity between your VPC and virtual appliances from a service provider. │ └[~] resource AWS::EC2::VPNConnection │ └ properties │ ├ LocalIpv4NetworkCidr: (documentation changed) │ ├ LocalIpv6NetworkCidr: (documentation changed) │ ├ OutsideIpAddressType: (documentation changed) │ ├ RemoteIpv4NetworkCidr: (documentation changed) │ ├ RemoteIpv6NetworkCidr: (documentation changed) │ ├ TransportTransitGatewayAttachmentId: (documentation changed) │ └ TunnelInsideIpVersion: (documentation changed) ├[~] service aws-ecr │ └ resources │ ├[~] resource AWS::ECR::Repository │ │ └ types │ │ └[~] type EncryptionConfiguration │ │ └ properties │ │ └ EncryptionType: (documentation changed) │ └[~] resource AWS::ECR::RepositoryCreationTemplate │ └ types │ └[~] type EncryptionConfiguration │ └ properties │ └ EncryptionType: (documentation changed) ├[~] service aws-ecs │ └ resources │ └[~] resource AWS::ECS::TaskDefinition │ └ types │ ├[~] type ContainerDefinition │ │ └ properties │ │ ├ EntryPoint: (documentation changed) │ │ ├ Hostname: (documentation changed) │ │ ├ Name: (documentation changed) │ │ ├ PseudoTerminal: (documentation changed) │ │ ├ StopTimeout: (documentation changed) │ │ ├ SystemControls: (documentation changed) │ │ └ VolumesFrom: (documentation changed) │ ├[~] type HealthCheck │ │ └ properties │ │ └ Command: (documentation changed) │ ├[~] type LinuxParameters │ │ └ properties │ │ └ Devices: (documentation changed) │ └[~] type SystemControl │ └ - documentation: A list of namespaced kernel parameters to set in the container. This parameter maps to `Sysctls` in tthe docker container create command and the `--sysctl` option to docker run. For example, you can configure `net.ipv4.tcp_keepalive_time` setting to maintain longer lived connections. │ We don't recommend that you specify network-related `systemControls` parameters for multiple containers in a single task that also uses either the `awsvpc` or `host` network mode. Doing this has the following disadvantages: │ - For tasks that use the `awsvpc` network mode including Fargate, if you set `systemControls` for any container, it applies to all containers in the task. If you set different `systemControls` for multiple containers in a single task, the container that's started last determines which `systemControls` take effect. │ - For tasks that use the `host` network mode, the network namespace `systemControls` aren't supported. │ If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see [IPC mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_ipcmode) . │ - For tasks that use the `host` IPC mode, IPC namespace `systemControls` aren't supported. │ - For tasks that use the `task` IPC mode, IPC namespace `systemControls` values apply to all containers within a task. │ > This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version `1.4.0` or later (Linux). This isn't supported for Windows containers on Fargate. │ + documentation: A list of namespaced kernel parameters to set in the container. This parameter maps to `Sysctls` in the docker container create command and the `--sysctl` option to docker run. For example, you can configure `net.ipv4.tcp_keepalive_time` setting to maintain longer lived connections. │ We don't recommend that you specify network-related `systemControls` parameters for multiple containers in a single task that also uses either the `awsvpc` or `host` network mode. Doing this has the following disadvantages: │ - For tasks that use the `awsvpc` network mode including Fargate, if you set `systemControls` for any container, it applies to all containers in the task. If you set different `systemControls` for multiple containers in a single task, the container that's started last determines which `systemControls` take effect. │ - For tasks that use the `host` network mode, the network namespace `systemControls` aren't supported. │ If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see [IPC mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_ipcmode) . │ - For tasks that use the `host` IPC mode, IPC namespace `systemControls` aren't supported. │ - For tasks that use the `task` IPC mode, IPC namespace `systemControls` values apply to all containers within a task. │ > This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version `1.4.0` or later (Linux). This isn't supported for Windows containers on Fargate. ├[~] service aws-elasticloadbalancingv2 │ └ resources │ └[~] resource AWS::ElasticLoadBalancingV2::Listener │ ├ properties │ │ └[+] ListenerAttributes: Array<ListenerAttribute> │ └ types │ └[+] type ListenerAttribute │ ├ documentation: Information about a listener attribute. │ │ name: ListenerAttribute │ └ properties │ ├Value: string │ └Key: string ├[~] service aws-emr │ └ resources │ ├[~] resource AWS::EMR::Cluster │ │ └ types │ │ └[~] type InstanceFleetProvisioningSpecifications │ │ └ properties │ │ ├ OnDemandSpecification: (documentation changed) │ │ └ SpotSpecification: (documentation changed) │ └[~] resource AWS::EMR::InstanceFleetConfig │ └ types │ └[~] type InstanceFleetProvisioningSpecifications │ └ properties │ ├ OnDemandSpecification: (documentation changed) │ └ SpotSpecification: (documentation changed) ├[~] service aws-events │ └ resources │ └[~] resource AWS::Events::Connection │ ├ properties │ │ └ AuthParameters: - AuthParameters │ │ + AuthParameters (required) │ └ types │ └[~] type Parameter │ └ properties │ └ IsValueSecret: - boolean │ + boolean (default=true) ├[~] service aws-fms │ └ resources │ └[~] resource AWS::FMS::Policy │ └ types │ ├[+] type NetworkAclCommonPolicy │ │ └ documentation: Defines a Firewall Manager network ACL policy. This is used in the `PolicyOption` of a `SecurityServicePolicyData` for a `Policy` , when the `SecurityServicePolicyData` type is set to `NETWORK_ACL_COMMON` . │ │ For information about network ACLs, see [Control traffic to subnets using network ACLs](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) in the *Amazon Virtual Private Cloud User Guide* . │ │ name: NetworkAclCommonPolicy │ └[~] type PolicyOption │ └ properties │ └[+] NetworkAclCommonPolicy: NetworkAclCommonPolicy ├[~] service aws-fsx │ └ resources │ └[~] resource AWS::FSx::DataRepositoryAssociation │ └ properties │ └ DataRepositoryPath: (documentation changed) ├[~] service aws-gamelift │ └ resources │ ├[~] resource AWS::GameLift::ContainerGroupDefinition │ │ ├ - documentation: *This data type is currently not available. It is under improvement as we respond to customer feedback from the Containers public preview.* │ │ │ The properties that describe a container group resource. Container group definition properties can't be updated. To change a property, create a new container group definition. │ │ │ *Used with:* `CreateContainerGroupDefinition` │ │ │ *Returned by:* `DescribeContainerGroupDefinition` , `ListContainerGroupDefinitions` │ │ │ + documentation: *This data type is used with the Amazon GameLift containers feature, which is currently in public preview.* │ │ │ The properties that describe a container group resource. Container group definition properties can't be updated. To change a property, create a new container group definition. │ │ │ *Used with:* `CreateContainerGroupDefinition` │ │ │ *Returned by:* `DescribeContainerGroupDefinition` , `ListContainerGroupDefinitions` │ │ ├ properties │ │ │ ├ TotalCpuLimit: (documentation changed) │ │ │ └ TotalMemoryLimit: (documentation changed) │ │ └ …
- Loading branch information