From 4b837dfadbd1336b7f4deeb828b5bf4cac781aa1 Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Thu, 26 May 2022 02:48:55 -0700 Subject: [PATCH] docs(cfnspec): update CloudFormation documentation (#20500) --- .../spec-source/cfn-docs/cfn-docs.json | 89 +++++++++++-------- 1 file changed, 53 insertions(+), 36 deletions(-) diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json index 77519b7245d71..1cee622dab798 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json @@ -9280,11 +9280,11 @@ "description": "The template for verification messages.", "properties": { "DefaultEmailOption": "The default email option.", - "EmailMessage": "The email message template. EmailMessage is allowed only if [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is DEVELOPER.", - "EmailMessageByLink": "The email message template for sending a confirmation link to the user. EmailMessageByLink is allowed only if [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is DEVELOPER.", - "EmailSubject": "The subject line for the email message template. EmailSubject is allowed only if [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is DEVELOPER.", - "EmailSubjectByLink": "The subject line for the email message template for sending a confirmation link to the user. EmailSubjectByLink is allowed only [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is DEVELOPER.", - "SmsMessage": "The SMS message template." + "EmailMessage": "The template for email messages that Amazon Cognito sends to your users. You can set an `EmailMessage` template only if the value of [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` . When your [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` , your user pool sends email messages with your own Amazon SES configuration.", + "EmailMessageByLink": "The email message template for sending a confirmation link to the user. You can set an `EmailMessageByLink` template only if the value of [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` . When your [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` , your user pool sends email messages with your own Amazon SES configuration.", + "EmailSubject": "The subject line for the email message template. You can set an `EmailSubject` template only if the value of [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` . When your [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` , your user pool sends email messages with your own Amazon SES configuration.", + "EmailSubjectByLink": "The subject line for the email message template for sending a confirmation link to the user. You can set an `EmailSubjectByLink` template only if the value of [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` . When your [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` , your user pool sends email messages with your own Amazon SES configuration.", + "SmsMessage": "The template for SMS messages that Amazon Cognito sends to your users." } }, "AWS::Cognito::UserPoolClient": { @@ -9548,7 +9548,7 @@ "ConfigRuleId": "The ID of the AWS Config rule, such as `config-rule-a1bzhi` .", "Ref": "`Ref` returns the rule name, such as `mystack-MyConfigRule-12ABCFPXHV4OV` ." }, - "description": "Specifies an AWS Config rule for evaluating whether your AWS resources comply with your desired configurations.\n\nYou can use this action for custom AWS Config rules and AWS managed Config rules. A custom AWS Config rule is a rule that you develop and maintain. An AWS managed Config rule is a customizable, predefined rule that AWS Config provides.\n\nIf you are adding a new custom AWS Config rule, you must first create the AWS Lambda function that the rule invokes to evaluate your resources. When you use the `PutConfigRule` action to add the rule to AWS Config , you must specify the Amazon Resource Name (ARN) that AWS Lambda assigns to the function. Specify the ARN for the `SourceIdentifier` key. This key is part of the `Source` object, which is part of the `ConfigRule` object.\n\nIf you are adding an AWS managed Config rule, specify the rule's identifier for the `SourceIdentifier` key. To reference AWS managed Config rule identifiers, see [About AWS Managed Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) .\n\nFor any new rule that you add, specify the `ConfigRuleName` in the `ConfigRule` object. Do not specify the `ConfigRuleArn` or the `ConfigRuleId` . These values are generated by AWS Config for new rules.\n\nIf you are updating a rule that you added previously, you can specify the rule by `ConfigRuleName` , `ConfigRuleId` , or `ConfigRuleArn` in the `ConfigRule` data type that you use in this request.\n\nThe maximum number of rules that AWS Config supports is 150.\n\nFor information about requesting a rule limit increase, see [AWS Config Limits](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_config) in the *AWS General Reference Guide* .\n\nFor more information about developing and using AWS Config rules, see [Evaluating AWS Resource Configurations with AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) in the *AWS Config Developer Guide* .", + "description": "Specifies an AWS Config rule for evaluating whether your AWS resources comply with your desired configurations.\n\nYou can use this action for custom AWS Config rules and AWS managed Config rules. A custom AWS Config rule is a rule that you develop and maintain. An AWS managed Config rule is a customizable, predefined rule that AWS Config provides.\n\nIf you are adding a new custom AWS Config rule, you must first create the AWS Lambda function that the rule invokes to evaluate your resources. When you use the `PutConfigRule` action to add the rule to AWS Config , you must specify the Amazon Resource Name (ARN) that AWS Lambda assigns to the function. Specify the ARN for the `SourceIdentifier` key. This key is part of the `Source` object, which is part of the `ConfigRule` object.\n\nIf you are adding an AWS managed Config rule, specify the rule's identifier for the `SourceIdentifier` key. To reference AWS managed Config rule identifiers, see [About AWS Managed Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) .\n\nFor any new rule that you add, specify the `ConfigRuleName` in the `ConfigRule` object. Do not specify the `ConfigRuleArn` or the `ConfigRuleId` . These values are generated by AWS Config for new rules.\n\nIf you are updating a rule that you added previously, you can specify the rule by `ConfigRuleName` , `ConfigRuleId` , or `ConfigRuleArn` in the `ConfigRule` data type that you use in this request.\n\nThe maximum number of rules that AWS Config supports is 400.\n\nFor information about requesting a rule limit increase, see [AWS Config endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/awsconfig.html) in the *AWS General Reference Guide* .\n\nFor more information about developing and using AWS Config rules, see [Evaluating AWS Resource Configurations with AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) in the *AWS Config Developer Guide* .", "properties": { "ConfigRuleName": "A name for the AWS Config rule. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .", "Description": "The description that you provide for the AWS Config rule.", @@ -11755,15 +11755,15 @@ }, "description": "The `AWS::DataSync::LocationObjectStorage` resource specifies an endpoint for a self-managed object storage bucket. For more information about self-managed object storage locations, see [Creating a Location for Object Storage](https://docs.aws.amazon.com/datasync/latest/userguide/create-object-location.html) .", "properties": { - "AccessKey": "Optional. The access key is used if credentials are required to access the self-managed object storage server. If your object storage requires a user name and password to authenticate, use `AccessKey` and `SecretKey` to provide the user name and password, respectively.", - "AgentArns": "The Amazon Resource Name (ARN) of the agents associated with the self-managed object storage server location.", - "BucketName": "The bucket on the self-managed object storage server that is used to read data from.", - "SecretKey": "Optional. The secret key is used if credentials are required to access the self-managed object storage server. If your object storage requires a user name and password to authenticate, use `AccessKey` and `SecretKey` to provide the user name and password, respectively.", - "ServerHostname": "The name of the self-managed object storage server. This value is the IP address or Domain Name Service (DNS) name of the object storage server. An agent uses this hostname to mount the object storage server in a network.", - "ServerPort": "The port that your self-managed object storage server accepts inbound network traffic on. The server port is set by default to TCP 80 (HTTP) or TCP 443 (HTTPS). You can specify a custom port if your self-managed object storage server requires one.", - "ServerProtocol": "The protocol that the object storage server uses to communicate. Valid values are HTTP or HTTPS.", - "Subdirectory": "The subdirectory in the self-managed object storage server that is used to read data from.", - "Tags": "The key-value pair that represents the tag that you want to add to the location. The value can be an empty string. We recommend using tags to name your resources." + "AccessKey": "Specifies the access key (or user name) if credentials are required to access the object storage server.", + "AgentArns": "Specifies the Amazon Resource Names (ARNs) of the agents associated with the location.", + "BucketName": "Specifies the name of the bucket that DataSync reads from or writes to.", + "SecretKey": "Specifies the secret key (or password) if credentials are required to access the object storage server.", + "ServerHostname": "Specifies the domain name or IP address of the object storage server. A DataSync agent uses this hostname to mount the object storage server.", + "ServerPort": "Specifies the port that your object storage server accepts inbound network traffic on. Set to port 80 (HTTP), 443 (HTTPS), or a custom port if needed.", + "ServerProtocol": "Specifies the protocol that your object storage server uses to communicate.", + "Subdirectory": "Specifies the object prefix that DataSync reads from or writes to.", + "Tags": "Specifies the key-value pair that represents the tag to help you manage, filter, and search for your location. We recommend using tags for naming your locations." } }, "AWS::DataSync::LocationS3": { @@ -14749,10 +14749,10 @@ "attributes": { "Ref": "`Ref` returns the ID of the Traffic Mirror target." }, - "description": "Specifies a target for your Traffic Mirror session.\n\nA Traffic Mirror target is the destination for mirrored traffic. The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) can be in the same VPC, or in different VPCs connected via VPC peering or a transit gateway.\n\nA Traffic Mirror target can be a network interface, or a Network Load Balancer.\n\nTo use the target in a Traffic Mirror session, use [AWS::EC2::TrafficMirrorSession](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-trafficmirrorsession.html) .", + "description": "Specifies a target for your Traffic Mirror session.\n\nA Traffic Mirror target is the destination for mirrored traffic. The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) can be in the same VPC, or in different VPCs connected via VPC peering or a transit gateway.\n\nA Traffic Mirror target can be a network interface, a Network Load Balancer, or a Gateway Load Balancer endpoint.\n\nTo use the target in a Traffic Mirror session, use [AWS::EC2::TrafficMirrorSession](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-trafficmirrorsession.html) .", "properties": { "Description": "The description of the Traffic Mirror target.", - "GatewayLoadBalancerEndpointId": "", + "GatewayLoadBalancerEndpointId": "The ID of the Gateway Load Balancer endpoint.", "NetworkInterfaceId": "The network interface ID that is associated with the target.", "NetworkLoadBalancerArn": "The Amazon Resource Name (ARN) of the Network Load Balancer that is associated with the target.", "Tags": "The tags to assign to the Traffic Mirror target." @@ -14957,11 +14957,11 @@ }, "AWS::EC2::VPC": { "attributes": { - "CidrBlock": "The set of IP addresses for the VPC. For example, `10.0.0.0/16` .", - "CidrBlockAssociations": "The IPv4 CIDR block association IDs for the VPC. For example, `[ vpc-cidr-assoc-0280ab6b ]` .", - "DefaultNetworkAcl": "The default network ACL ID that is associated with the VPC. For example, `acl-814dafe3` .", - "DefaultSecurityGroup": "The default security group ID that is associated with the VPC. For example, `sg-b178e0d3` .", - "Ipv6CidrBlocks": "The IPv6 CIDR blocks that are associated with the VPC, such as `[ 2001:db8:1234:1a00::/56 ]` .", + "CidrBlock": "The primary IPv4 CIDR block for the VPC. For example, 10.0.0.0/16.", + "CidrBlockAssociations": "The association IDs of the IPv4 CIDR blocks for the VPC. For example, [ vpc-cidr-assoc-0280ab6b ].", + "DefaultNetworkAcl": "The ID of the default network ACL for the VPC. For example, acl-814dafe3.", + "DefaultSecurityGroup": "The ID of the default security group for the VPC. For example, sg-b178e0d3.", + "Ipv6CidrBlocks": "The IPv6 CIDR blocks for the VPC. For example, [ 2001:db8:1234:1a00::/56 ].", "Ref": "`Ref` returns the ID of the VPC.", "VpcId": "" }, @@ -14970,7 +14970,7 @@ "CidrBlock": "The IPv4 network range for the VPC, in CIDR notation. For example, `10.0.0.0/16` . We modify the specified CIDR block to its canonical form; for example, if you specify `100.68.0.18/18` , we modify it to `100.68.0.0/18` .\n\nYou must specify either `CidrBlock` or `Ipv4IpamPoolId` .", "EnableDnsHostnames": "Indicates whether the instances launched in the VPC get DNS hostnames. If enabled, instances in the VPC get DNS hostnames; otherwise, they do not. Disabled by default for nondefault VPCs. For more information, see [DNS attributes in your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-support) .\n\nYou can only enable DNS hostnames if you've enabled DNS support.", "EnableDnsSupport": "Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC network range \"plus two\" succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is not enabled. Enabled by default. For more information, see [DNS attributes in your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-support) .", - "InstanceTenancy": "The allowed tenancy of instances launched into the VPC.\n\n- `\"default\"` : An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch.\n- `\"dedicated\"` : An instance launched into the VPC is a Dedicated Instance by default, unless you explicitly specify a tenancy of host during instance launch. You cannot specify a tenancy of default during instance launch.\n\nUpdating `InstanceTenancy` requires no replacement only if you are updating its value from `\"dedicated\"` to `\"default\"` . Updating `InstanceTenancy` from `\"default\"` to `\"dedicated\"` requires replacement.", + "InstanceTenancy": "The allowed tenancy of instances launched into the VPC.\n\n- `default` : An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch.\n- `dedicated` : An instance launched into the VPC runs on dedicated hardware by default, unless you explicitly specify a tenancy of `host` during instance launch. You cannot specify a tenancy of `default` during instance launch.\n\nUpdating `InstanceTenancy` requires no replacement only if you are updating its value from `dedicated` to `default` . Updating `InstanceTenancy` from `default` to `dedicated` requires replacement.", "Ipv4IpamPoolId": "The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. For more information, see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide* .\n\nYou must specify either `CidrBlock` or `Ipv4IpamPoolId` .", "Ipv4NetmaskLength": "The netmask length of the IPv4 CIDR you want to allocate to this VPC from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide* .", "Tags": "The tags for the VPC." @@ -26023,7 +26023,7 @@ "attributes": {}, "description": "Provides the identifier of the AWS KMS customer master key (CMK) used to encrypt data indexed by Amazon Kendra. We suggest that you use a CMK from your account to help secure your index. Amazon Kendra doesn't support asymmetric CMKs.", "properties": { - "KmsKeyId": "The identifier of the AWS KMS customer master key (CMK). Amazon Kendra doesn't support asymmetric CMKs." + "KmsKeyId": "The identifier of the AWS KMS key . Amazon Kendra doesn't support asymmetric keys." } }, "AWS::Kendra::Index.UserTokenConfiguration": { @@ -29204,10 +29204,10 @@ "attributes": {}, "description": "Contains information about how the source data should be interpreted.", "properties": { - "AppFlowConfig": "An object containing information about the AppFlow configuration.", - "CloudwatchConfig": "An object containing information about the Amazon CloudWatch monitoring configuration.", - "RDSSourceConfig": "An object containing information about the Amazon Relational Database Service (RDS) configuration.", - "RedshiftSourceConfig": "An object containing information about the Amazon Redshift database configuration.", + "AppFlowConfig": "Details about an AppFlow datasource.", + "CloudwatchConfig": "Details about an Amazon CloudWatch monitoring datasource.", + "RDSSourceConfig": "Details about an Amazon Relational Database Service (RDS) datasource.", + "RedshiftSourceConfig": "Details about an Amazon Redshift database datasource.", "S3SourceConfig": "Contains information about the configuration of the S3 bucket that contains source files." } }, @@ -36600,7 +36600,7 @@ "Arn": "The Amazon Resource Name (ARN) of the fleet, such as `arn:aws:robomaker:us-west-2:123456789012:deployment-fleet/MyFleet/1539894765711` .", "Ref": "When you pass the logical ID of an `AWS::RoboMaker::Fleet` resource to the intrinsic `Ref` function, the function returns the Amazon Resource Name (ARN) of the fleet, such as `arn:aws:robomaker:us-west-2:123456789012:deployment-fleet/MyFleet/1539894765711` ." }, - "description": "The `AWS::RoboMaker::Fleet` resource creates an AWS RoboMaker fleet. Fleets contain robots and can receive deployments.", + "description": "> The following resource is now deprecated. This resource can no longer be provisioned via stack create or update operations, and should not be included in your stack templates.\n> \n> We recommend migrating to AWS IoT Greengrass Version 2. For more information, see [Support Changes: May 2, 2022](https://docs.aws.amazon.com/robomaker/latest/dg/chapter-support-policy.html#software-support-policy-may2022) in the *AWS RoboMaker Developer Guide* . \n\nThe `AWS::RoboMaker::Fleet` resource creates an AWS RoboMaker fleet. Fleets contain robots and can receive deployments.", "properties": { "Name": "The name of the fleet.", "Tags": "The list of all tags added to the fleet." @@ -36611,7 +36611,7 @@ "Arn": "The Amazon Resource Name (ARN) of the robot.", "Ref": "When you pass the logical ID of an `AWS::RoboMaker::Robot` resource to the intrinsic `Ref` function, the function returns the Amazon Resource Name (ARN) of the robot application, such as `arn:aws:robomaker:us-west-2:123456789012:robot/MyRobot/1544035373264` ." }, - "description": "The `AWS::RoboMaker::RobotApplication` resource creates an AWS RoboMaker robot.", + "description": "> The following resource is now deprecated. This resource can no longer be provisioned via stack create or update operations, and should not be included in your stack templates.\n> \n> We recommend migrating to AWS IoT Greengrass Version 2. For more information, see [Support Changes: May 2, 2022](https://docs.aws.amazon.com/robomaker/latest/dg/chapter-support-policy.html#software-support-policy-may2022) in the *AWS RoboMaker Developer Guide* . \n\nThe `AWS::RoboMaker::RobotApplication` resource creates an AWS RoboMaker robot.", "properties": { "Architecture": "The architecture of the robot.", "Fleet": "The Amazon Resource Name (ARN) of the fleet to which the robot will be registered.", @@ -38944,6 +38944,21 @@ "ChatbotSns": "The SNS targets that AWS Chatbot uses to notify the chat channel of updates to an incident. You can also make updates to the incident through the chat channel by using the SNS topics" } }, + "AWS::SSMIncidents::ResponsePlan.DynamicSsmParameter": { + "attributes": {}, + "description": "", + "properties": { + "Key": "", + "Value": "" + } + }, + "AWS::SSMIncidents::ResponsePlan.DynamicSsmParameterValue": { + "attributes": {}, + "description": "", + "properties": { + "Variable": "" + } + }, "AWS::SSMIncidents::ResponsePlan.IncidentTemplate": { "attributes": {}, "description": "The `IncidentTemplate` property type specifies details used to create an incident when using this response plan.", @@ -38968,6 +38983,7 @@ "properties": { "DocumentName": "The automation document's name.", "DocumentVersion": "The automation document's version to use when running.", + "DynamicParameters": "", "Parameters": "The key-value pair parameters to use when running the automation document.", "RoleArn": "The Amazon Resource Name (ARN) of the role that the automation document will assume when running commands.", "TargetAccount": "The account that the automation document will be run in. This can be in either the management account or an application account." @@ -40688,7 +40704,7 @@ "Ref": "`Ref` returns the Domain ID and the user profile name, such as `d-xxxxxxxxxxxx` and `my-user-profile` , respectively.", "UserProfileArn": "The Amazon Resource Name (ARN) of the user profile, such as `arn:aws:sagemaker:us-west-2:account-id:user-profile/my-user-profile` ." }, - "description": "Creates a user profile. A user profile represents a single user within a domain, and is the main way to reference a \"person\" for the purposes of sharing, reporting, and other user-oriented features. This entity is created when a user onboards to Amazon SageMaker Studio. If an administrator invites a person by email or imports them from SSO, a user profile is automatically created. A user profile is the primary holder of settings for an individual user and has a reference to the user's private Amazon Elastic File System (EFS) home directory.", + "description": "Creates a user profile. A user profile represents a single user within a domain, and is the main way to reference a \"person\" for the purposes of sharing, reporting, and other user-oriented features. This entity is created when a user onboards to Amazon SageMaker Studio. If an administrator invites a person by email or imports them from SSO, a user profile is automatically created. A user profile is the primary holder of settings for an individual user and has a reference to the user's private Amazon Elastic File System (EFS) home directory.\n\n> If you're using SSO authentication, an SSO user, or an SSO group containing that user, must be assigned to the Amazon SageMaker Studio application from the AWS SSO Console to create a user profile. For more information about application assignment, see [Assign user access](https://docs.aws.amazon.com/singlesignon/latest/userguide/assignuserstoapp.html) . After assignment is complete, a user profile can be created for that SSO user with AWS CloudFormation.", "properties": { "DomainId": "The domain ID.", "SingleSignOnUserIdentifier": "A specifier for the type of value specified in SingleSignOnUserValue. Currently, the only supported value is \"UserName\". If the Domain's AuthMode is SSO, this field is required. If the Domain's AuthMode is not SSO, this field cannot be specified.", @@ -41783,8 +41799,9 @@ "attributes": {}, "description": "Protocol settings that are configured for your server.", "properties": { - "PassiveIp": "Indicates passive mode, for FTP and FTPS protocols. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer. For example:\n\n`aws transfer update-server --protocol-details PassiveIp= *0.0.0.0*`\n\nReplace `*0.0.0.0*` in the example above with the actual IP address you want to use.\n\n> If you change the `PassiveIp` value, you must stop and then restart your Transfer server for the change to take effect. For details on using Passive IP (PASV) in a NAT environment, see [Configuring your FTPS server behind a firewall or NAT with AWS Transfer Family](https://docs.aws.amazon.com/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/) .", - "TlsSessionResumptionMode": "A property used with Transfer servers that use the FTPS protocol. TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. `TlsSessionResumptionMode` determines whether or not the server resumes recent, negotiated sessions through a unique session ID. This property is available during `CreateServer` and `UpdateServer` calls. If a `TlsSessionResumptionMode` value is not specified during CreateServer, it is set to `ENFORCED` by default.\n\n- `DISABLED` : the server does not process TLS session resumption client requests and creates a new TLS session for each request.\n- `ENABLED` : the server processes and accepts clients that are performing TLS session resumption. The server doesn't reject client data connections that do not perform the TLS session resumption client processing.\n- `ENFORCED` : the server processes and accepts clients that are performing TLS session resumption. The server rejects client data connections that do not perform the TLS session resumption client processing. Before you set the value to `ENFORCED` , test your clients.\n\n> Not all FTPS clients perform TLS session resumption. So, if you choose to enforce TLS session resumption, you prevent any connections from FTPS clients that don't perform the protocol negotiation. To determine whether or not you can use the `ENFORCED` value, you need to test your clients." + "PassiveIp": "Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:\n\n`aws transfer update-server --protocol-details PassiveIp= *0.0.0.0*`\n\nReplace `*0.0.0.0*` in the example above with the actual IP address you want to use.\n\n> If you change the `PassiveIp` value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see [Configuring your FTPS server behind a firewall or NAT with AWS Transfer Family](https://docs.aws.amazon.com/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/) .", + "SetStatOption": "Use the `SetStatOption` to ignore the error that is generated when the client attempts to use SETSTAT on a file you are uploading to an S3 bucket.\n\nSome SFTP file transfer clients can attempt to change the attributes of remote files, including timestamp and permissions, using commands, such as SETSTAT when uploading the file. However, these commands are not compatible with object storage systems, such as Amazon S3. Due to this incompatibility, file uploads from these clients can result in errors even when the file is otherwise successfully uploaded.\n\nSet the value to `ENABLE_NO_OP` to have the Transfer Family server ignore the SETSTAT command, and upload files without needing to make any changes to your SFTP client. While the `SetStatOption` `ENABLE_NO_OP` setting ignores the error, it does generate a log entry in CloudWatch Logs, so you can determine when the client is making a SETSTAT call.\n\n> If you want to preserve the original timestamp for your file, and modify other file attributes using SETSTAT, you can use Amazon EFS as backend storage with Transfer Family.", + "TlsSessionResumptionMode": "A property used with Transfer Family servers that use the FTPS protocol. TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. `TlsSessionResumptionMode` determines whether or not the server resumes recent, negotiated sessions through a unique session ID. This property is available during `CreateServer` and `UpdateServer` calls. If a `TlsSessionResumptionMode` value is not specified during `CreateServer` , it is set to `ENFORCED` by default.\n\n- `DISABLED` : the server does not process TLS session resumption client requests and creates a new TLS session for each request.\n- `ENABLED` : the server processes and accepts clients that are performing TLS session resumption. The server doesn't reject client data connections that do not perform the TLS session resumption client processing.\n- `ENFORCED` : the server processes and accepts clients that are performing TLS session resumption. The server rejects client data connections that do not perform the TLS session resumption client processing. Before you set the value to `ENFORCED` , test your clients.\n\n> Not all FTPS clients perform TLS session resumption. So, if you choose to enforce TLS session resumption, you prevent any connections from FTPS clients that don't perform the protocol negotiation. To determine whether or not you can use the `ENFORCED` value, you need to test your clients." } }, "AWS::Transfer::Server.WorkflowDetail": { @@ -41874,11 +41891,11 @@ "DomainId": "The identifier of the domain.", "Ref": "`Ref` returns the `DomainId` of the domain." }, - "description": "Creates a domain that contains all Voice ID data, such as speakers, fraudsters, customer audio, and voiceprints.", + "description": "Creates a domain that contains all Amazon Connect Voice ID data, such as speakers, fraudsters, customer audio, and voiceprints.", "properties": { "Description": "The client-provided description of the domain.", "Name": "The client-provided name for the domain.", - "ServerSideEncryptionConfiguration": "The server-side encryption configuration containing the KMS Key Identifier you want VoiceID to use to encrypt your data.", + "ServerSideEncryptionConfiguration": "The server-side encryption configuration containing the KMS Key Identifier you want Voice ID to use to encrypt your data.", "Tags": "The tags used to organize, track, or control access for this resource." } }, @@ -41886,7 +41903,7 @@ "attributes": {}, "description": "The configuration containing information about the customer-managed KMS Key used for encrypting customer data.", "properties": { - "KmsKeyId": "The identifier of the KMS Key you want VoiceID to use to encrypt your data." + "KmsKeyId": "The identifier of the KMS Key you want Voice ID to use to encrypt your data." } }, "AWS::WAF::ByteMatchSet": {